FAQ, take two

Robert J. Hansen rjh at sixdemonbag.org
Tue Jun 5 03:36:30 CEST 2012

On 6/4/2012 4:39 PM, Charly Avital wrote:
> I believe the etiquette is that the signed key block should be returned
> to the certificate's owner, for her/him to do what he/she deems
> convenient, e.g. upload it to a keyserver.

I haven't found widespread belief this is a community norm.  There's a
vocal segment that believes one or more of this is a community norm, it
must be a community norm, it is morally and/or ethically wrong if it is
not a community norm -- but it's a segment, and doesn't seem to be
shared by the whole of the community.

> The signer himself/herself should not upload the sign key block to a key
> server, or publish it in any other way, without the certificate's owner
> explicit authorization or request.

By what right can I -- or anyone on this list -- claim the authority to
declare what members of the community should or shouldn't do?  I'm
writing a FAQ, not establishing community norms.  I don't mind writing
the FAQ, but I do mind trying to impose norms.  It's not something I'm
comfortable with.  (Besides.  If I tried, people would laugh at me, and
deservedly so.)

It's reasonable to present the controversy, and I'll make mention of it
in the next revision.  That's as far as I'll go.

Of course, ultimately Werner is the one who gets thumbs-up or
thumbs-down on this -- if it's to someday become the official FAQ, then
he gets final signoff authority.  So if you disagree, feel free to pitch
it to him, but you've heard my position on it.  :)

More information about the Gnupg-users mailing list