[csw-maintainers] [policy] GPG Signing Key handling
James Lee
james at opencsw.org
Thu Feb 10 12:53:03 CET 2011
On 10/02/11, 03:57:46, Ben Walton <bwalton at opencsw.org> wrote regarding Re:
[csw-maintainers] [policy] GPG Signing Key handling:
> > the release manager, and the backup release manager. So it is
> > already redundantly held.
> Nothing slight against James, but as he's not a member, his holding
> the key does not count as redundancy for the purpose of this
> discussion.
If I were a member I could leave so the point is invalid. I have held
the key since before OpenCSW existed so the point is doubly invalid.
This is because of the practical problem of how people relinquish
knowledge at cessation of a role. An escrow was required and for
now I have provided that service. Of course trust is used and a risk
exists but assess what the risk is and how alternative plans reduce
or remove risk and reliance on trust.
James.
More information about the maintainers
mailing list