[Letux-kernel] [Tinkerphones] [Gta04-owner] Towards QtMoko2: building QtMoko from sources

Jonas Smedegaard jonas at jones.dk
Sun Jun 4 13:18:57 CEST 2017 

Quoting H. Nikolaus Schaller (2017-06-04 11:41:19)
> Am 04.06.2017 um 10:17 schrieb Jonas Smedegaard <jonas at jones.dk>:
>> Please read http://deb.jones.dk/ and tell me which parts of that is 
>> flawed or superfluous or wrong in other ways.
> 
> That is a nice blueprint of exactly what I need and how it should be 
> done!
> 
> If I get it right (just from reading and guessing what it does) it 
> assumes that your key is stored in debian-keyring.

Correct: My instruction is simpler than yours can be: Users of Debian 
already implicitly trust the _identities_ of all Debian members (but 
trust only _releases_ signed by special release keys).

I can therefore suggest users to establish a trust path by finding my 
key among the keys they already trust.

You could instead suggest users to establish a trust path by finding my 
key among the keys they already trust, and then finding your key among 
signatures made by me.


> And this requires that you are trusted by the maintainers of 
> debian-keyring.

debian-keyring *only* contains keys from within Debian.


> Then you can declare that you are trusted and others can verify before 
> taking your word only.

you can declare all you want - that won't change anything, as you have 
no power over the users system.  Yet... ;-)

The _user_ can declare that package releases done (not only by Debian 
officially, but also) independently by you should be trusted.


> But how does your key get into debian-keyring?

By joining Debian. There is no other way for that specifically, so you 
need to adapt instructions to other means of establishing your identity.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://lists.goldelico.com/pipermail/letux-kernel/attachments/20170604/47d061cf/attachment.asc>

More information about the Letux-kernel mailing list