[pkg-lynx-maint] byacc package

Thomas Dickey dickey at his.com
Tue Dec 21 00:13:02 GMT 2021 

On Mon, Dec 20, 2021 at 06:56:44PM +0100, Andreas Metzler wrote:
> On 2021-12-19 Thomas Dickey <dickey at his.com> wrote:
> > On Sun, Dec 19, 2021 at 03:51:35PM -0500, Harlan Lieberman-Berg wrote:
> >>  On Sun, Dec 19, 2021 at 11:29 AM Thomas Dickey <dickey at his.com> wrote:
> [...]
> >>> I'd be willing to take on a Debian-maintainer role to fix that,
> >>> but don't know that my gpg key is signed by any Debian developers.
> [...]
> >>  who are happy to meet and sign keys.  Another possibility is that one
> >>  of the developers of the Lynx packaging team would be willing to sign
> >>  your key based on its history signing Lynx package releases and its
> >>  relationship to previous keys used to sign lynx packages.  Reaching
> >>  out to their team address at pkg-lynx-maint at lists.alioth.debian.org is
> >>  probably the easiest way to get in touch with them.
> 
> > Is Harlan's suggestion something that we can do?
> 
> Hello Thomas,
> 
> I have not yet *signed* a key without a meeting in real-life. However
> as alternative to signature(s) by Debian developer "key endorsements"
> have been introduced last year.
> 
> https://lists.debian.org/debian-devel-announce/2020/09/msg00000.html
> 8X-----------------------------
>  * Key endorsements
> 
> In addition to seeing the reputation for a key based on signatures on
> Debian work, we introduce key endorsements. The idea is to allow
> advocates - and any other Debian Developer - to witness that they have
> interacted with a DM/DD applicant using the GPG key that they are using
> for the process.
> 
> The process, to be implemented on nm.debian.org, and restricted to
> Debian Developers, will be something like this:
> 
>  1. lookup a person's key
>  2. click on a button saying something like "I have interacted with this
>     person with this key"
>  3. add a short note with details.
> 
> That list of endorsements will be public. Each endorsement will be
> timestamped and it will age over time, so that, for example,
> endorsements from 3 years ago would not be valid for NM now.
> 
> We expect people to endorse keys responsibly.
> 
> We also expect that any advocate would be able to provide such an
> endorsement, as in advocating they are bringing their experience in
> interacting with the person first-hand. There may be corner cases in
> which an advocate cannot do that, in which case we will be curious for
> an explanation.
> 
> For a DM or DD process to finish we require at least 2 recent
> endorsements.
> 
> As soon as key endorsements will be implemented, we will stop requiring
> a minimum number of key signatures on nm.debian.org.
> 8X-----------------------------
> 
> Even without a huge number of exchanged mail messages it should be easy
> to build a strong link between your mail address and key(s) with the
> signatures on lynx tarballs we have uploaded to Debian.

yes... I think that I've done what's needed on that
 
> "it should be possible" meaning "I would certainly try to provide this
> service" ;-)

sounds good - when the process is implemented, that would be helpful.

-- 
Thomas E. Dickey <dickey at invisible-island.net>
https://invisible-island.net
ftp://ftp.invisible-island.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-lynx-maint/attachments/20211220/7a3f8da4/attachment.sig>

More information about the pkg-lynx-maint mailing list