Re: Why are in-person meetings required for the debian keyring?
On 2015-02-13 13:38, Tollef Fog Heen wrote:
> There are certainly possible attacks here, but do we realistically think
> we're going to protect ourselves against a competent attacker willing to
> put 3-6-12 months of full-time effort into becoming a DD and getting
> access?
Probably not. But does that mean we shouldn't even try?
And competent attackers notwithstanding, I do believe that this is an
effective deterrent for somewhat less competent (yet still motivated)
ones. And then there is also the scenario that Ian pointed out.
Regards,
Christian
Reply to: