Re: Why are in-person meetings required for the debian keyring?

To: debian-project@lists.debian.org
Subject: Re: Why are in-person meetings required for the debian keyring?
From: Christian Kastner <debian@kvr.at>
Date: Fri, 13 Feb 2015 20:44:34 +0100
Message-id: <[🔎] 54DE5422.1090204@kvr.at>
In-reply-to: <[🔎] 87mw4i6l64.fsf@xoog.err.no>
References: <[🔎] 87r3twgsvb.fsf@thinkpad.rath.org> <[🔎] 87twysi3rt.fsf@hands.com> <[🔎] 20150211204508.GA24789@helios.pault.ag> <[🔎] 54DC0AFB.8090302@kvr.at> <[🔎] 87bnkzqc73.fsf@thinkpad.rath.org> <[🔎] 54DD054B.9020709@kvr.at> <[🔎] 87mw4iao0v.fsf@hope.eyrie.org> <[🔎] 87mw4i6l64.fsf@xoog.err.no>

On 2015-02-13 13:38, Tollef Fog Heen wrote:
> There are certainly possible attacks here, but do we realistically think
> we're going to protect ourselves against a competent attacker willing to
> put 3-6-12 months of full-time effort into becoming a DD and getting
> access?

Probably not. But does that mean we shouldn't even try?

And competent attackers notwithstanding, I do believe that this is an
effective deterrent for somewhat less competent (yet still motivated)
ones. And then there is also the scenario that Ian pointed out.

Regards,
Christian

Reply to:

References:
- Why are in-person meetings required for the debian keyring?
  - From: Nikolaus Rath <Nikolaus@rath.org>
- Re: Why are in-person meetings required for the debian keyring?
  - From: Philip Hands <phil@hands.com>
- Re: Why are in-person meetings required for the debian keyring?
  - From: Paul Tagliamonte <paultag@debian.org>
- Re: Why are in-person meetings required for the debian keyring?
  - From: Christian Kastner <debian@kvr.at>
- Re: Why are in-person meetings required for the debian keyring?
  - From: Nikolaus Rath <Nikolaus@rath.org>
- Re: Why are in-person meetings required for the debian keyring?
  - From: Christian Kastner <debian@kvr.at>
- Re: Why are in-person meetings required for the debian keyring?
  - From: Russ Allbery <rra@debian.org>
- Re: Why are in-person meetings required for the debian keyring?
  - From: Tollef Fog Heen <tfheen@err.no>

Prev by Date: Re: Why are in-person meetings required for the debian keyring?
Next by Date: Re: Why are in-person meetings required for the debian keyring?
Previous by thread: Re: Why are in-person meetings required for the debian keyring?
Next by thread: Re: Why are in-person meetings required for the debian keyring?
Index(es):
- Date
- Thread