[pkg-lynx-maint] byacc package

Thomas Dickey dickey at his.com
Fri Dec 31 00:44:46 GMT 2021 

On Mon, Dec 20, 2021 at 07:13:02PM -0500, Thomas Dickey wrote:
> On Mon, Dec 20, 2021 at 06:56:44PM +0100, Andreas Metzler wrote:
> > On 2021-12-19 Thomas Dickey <dickey at his.com> wrote:
> > > On Sun, Dec 19, 2021 at 03:51:35PM -0500, Harlan Lieberman-Berg wrote:
> > >>  On Sun, Dec 19, 2021 at 11:29 AM Thomas Dickey <dickey at his.com> wrote:
> > [...]
> > >>> I'd be willing to take on a Debian-maintainer role to fix that,
> > >>> but don't know that my gpg key is signed by any Debian developers.
> > [...]
> > >>  who are happy to meet and sign keys.  Another possibility is that one
> > >>  of the developers of the Lynx packaging team would be willing to sign
> > >>  your key based on its history signing Lynx package releases and its
> > >>  relationship to previous keys used to sign lynx packages.  Reaching
> > >>  out to their team address at pkg-lynx-maint at lists.alioth.debian.org is
> > >>  probably the easiest way to get in touch with them.
> > 
> > > Is Harlan's suggestion something that we can do?
> > 
> > Hello Thomas,
> > 
> > I have not yet *signed* a key without a meeting in real-life. However
> > as alternative to signature(s) by Debian developer "key endorsements"
> > have been introduced last year.
> > 
> > https://lists.debian.org/debian-devel-announce/2020/09/msg00000.html
> > 8X-----------------------------
> >  * Key endorsements
> > 
> > In addition to seeing the reputation for a key based on signatures on
> > Debian work, we introduce key endorsements. The idea is to allow
> > advocates - and any other Debian Developer - to witness that they have
> > interacted with a DM/DD applicant using the GPG key that they are using
> > for the process.
> > 
> > The process, to be implemented on nm.debian.org, and restricted to
> > Debian Developers, will be something like this:
> > 
> >  1. lookup a person's key
> >  2. click on a button saying something like "I have interacted with this
> >     person with this key"
> >  3. add a short note with details.
> > 
> > That list of endorsements will be public. Each endorsement will be
> > timestamped and it will age over time, so that, for example,
> > endorsements from 3 years ago would not be valid for NM now.
> > 
> > We expect people to endorse keys responsibly.
> > 
> > We also expect that any advocate would be able to provide such an
> > endorsement, as in advocating they are bringing their experience in
> > interacting with the person first-hand. There may be corner cases in
> > which an advocate cannot do that, in which case we will be curious for
> > an explanation.
> > 
> > For a DM or DD process to finish we require at least 2 recent
> > endorsements.
> > 
> > As soon as key endorsements will be implemented, we will stop requiring
> > a minimum number of key signatures on nm.debian.org.
> > 8X-----------------------------
> > 
> > Even without a huge number of exchanged mail messages it should be easy
> > to build a strong link between your mail address and key(s) with the
> > signatures on lynx tarballs we have uploaded to Debian.
> 
> yes... I think that I've done what's needed on that
>  
> > "it should be possible" meaning "I would certainly try to provide this
> > service" ;-)
> 
> sounds good - when the process is implemented, that would be helpful.

Today I was able to meet with 3 DD's in my area and get my key signed.
As I understand the process, the next preparatory step is to ensure
that I have one or more sponsors.

Would one of you be willing to do this?

-- 
Thomas E. Dickey <dickey at invisible-island.net>
https://invisible-island.net
ftp://ftp.invisible-island.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-lynx-maint/attachments/20211230/1fb726bc/attachment.sig>

More information about the pkg-lynx-maint mailing list