On 28/06, Martin Michlmayr wrote: | * Mark Brown <[EMAIL PROTECTED]> [20010628 16:53]: | > Does the GPG key need to be signed or does it just need to exist? I | > had been under the impression that other forms of identification | > were still possible, though severely discouraged. | | Yeah, those forms still exist. The web site even says | | Do you yet have a GPG key signed by a current developer or some | other photo ID scanned in and signed with your GPG key? | | But I usually talk of 'signed keys' because that's the preferred | method and because it is usually possible to get a signature these | days.
I also think that Debian should accept scanned IDs signed with a trusted X509 key (as the one issued for free by Thawte (http://www.thawte.com/)). This would allow people who went through the heavy Thawte id checking to have their identity trusted by the Debian project.
