[pkg-lynx-maint] byacc package

Andreas Metzler ametzler at bebt.de
Mon Dec 20 17:56:44 GMT 2021 

On 2021-12-19 Thomas Dickey <dickey at his.com> wrote:
> On Sun, Dec 19, 2021 at 03:51:35PM -0500, Harlan Lieberman-Berg wrote:
>>  On Sun, Dec 19, 2021 at 11:29 AM Thomas Dickey <dickey at his.com> wrote:
[...]
>>> I'd be willing to take on a Debian-maintainer role to fix that,
>>> but don't know that my gpg key is signed by any Debian developers.
[...]
>>  who are happy to meet and sign keys.  Another possibility is that one
>>  of the developers of the Lynx packaging team would be willing to sign
>>  your key based on its history signing Lynx package releases and its
>>  relationship to previous keys used to sign lynx packages.  Reaching
>>  out to their team address at pkg-lynx-maint at lists.alioth.debian.org is
>>  probably the easiest way to get in touch with them.

> Is Harlan's suggestion something that we can do?

Hello Thomas,

I have not yet *signed* a key without a meeting in real-life. However
as alternative to signature(s) by Debian developer "key endorsements"
have been introduced last year.

https://lists.debian.org/debian-devel-announce/2020/09/msg00000.html
8X-----------------------------
 * Key endorsements

In addition to seeing the reputation for a key based on signatures on
Debian work, we introduce key endorsements. The idea is to allow
advocates - and any other Debian Developer - to witness that they have
interacted with a DM/DD applicant using the GPG key that they are using
for the process.

The process, to be implemented on nm.debian.org, and restricted to
Debian Developers, will be something like this:

 1. lookup a person's key
 2. click on a button saying something like "I have interacted with this
    person with this key"
 3. add a short note with details.

That list of endorsements will be public. Each endorsement will be
timestamped and it will age over time, so that, for example,
endorsements from 3 years ago would not be valid for NM now.

We expect people to endorse keys responsibly.

We also expect that any advocate would be able to provide such an
endorsement, as in advocating they are bringing their experience in
interacting with the person first-hand. There may be corner cases in
which an advocate cannot do that, in which case we will be curious for
an explanation.

For a DM or DD process to finish we require at least 2 recent
endorsements.

As soon as key endorsements will be implemented, we will stop requiring
a minimum number of key signatures on nm.debian.org.
8X-----------------------------

Even without a huge number of exchanged mail messages it should be easy
to build a strong link between your mail address and key(s) with the
signatures on lynx tarballs we have uploaded to Debian.

"it should be possible" meaning "I would certainly try to provide this
service" ;-)

cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-lynx-maint/attachments/20211220/2e242875/attachment.sig>

More information about the pkg-lynx-maint mailing list