Lars Wirzenius | 4 Feb 20:38 2003
Picon
Picon

Debian keyring analysis

I was bored at work today, and wrote a quick-and-dirty Python script for
analyzing the Debian keyrings. Specifically, I wanted to know how
strongly connected the keys in Debian's keyring are. A strongly
connected set of keys is such where all keys in the set are reachable
via signatures from all other keys in the set. Thus, if A signs B, and B
signs A and C, but C doesn't sign anything, then A and B form a strongly
connected set (A is reachable from B and B is reachable from A), but C
is not included in that set (C is reachable from B, but not vice versa).

Anyway, according to this version of the script, we have one large
strongly connected set (769 keys), a few smaller ones, and 487 single,
unconnected keys:

   sets keys in set
    487 1
     14 2
      2 3
      1 4
      2 5
      1 7
      1 769

I'm not sure these results are useful, but it might be worthwhile to
think about whether more keys should be in the strongly connected set. 

I'm sure many of them could be strongly connected with little effort.
For example, my new key is signed by my old key which used to be in the
keyring, but since the old key has been removed there is now no strong
connection between my new key and the big strong group. (I'll rectify
this by signing Richard Braakman's key, or something.)
(Continue reading)

Joachim Breitner | 4 Feb 21:35 2003
Picon

Re: Debian keyring analysis

Hi,

Am Die, 2003-02-04 um 20.38 schrieb Lars Wirzenius:
> I'm sure many of them could be strongly connected with little effort.

I would suggest to put in the new maintainer key singing text that theh
new maintainer should also sign the person's key that signs the nm's
key. I forgot to ask the person that signed my key to bring his
fingerprint, so now my key is (probably) reachable from most debian
keys, but I can't "reach" any of those keys. So I would recommend to
explicitly recommend to sign keys boths ways when having a new
maintainer getting his key signed.

Joachim

(Before you wonder why my key is not in the debian keyring: I'm sill in
the nm process)
--

-- 
Joachim Breitner 
  e-Mail: mail <at> joachim-breitner.de | Homepage: http://www.joachim-breitner.de
  JID: joachimbreitner <at> amessage.de | GPG-Keyid: 4743206C | ICQ#: 74513189
  Geekcode: GCS/IT/S d-- s++:- a--- C++ UL+++ P+++ !E W+++ N-- !W O? M?>+ V?
            PS++ PE PGP++ t? 5? X- R+ tv- b++ DI+ D+ G e+>* h! z?
Terrorists can take my life.
Only the government can take my freedom.
Peter Palfrader | 4 Feb 22:49 2003
Picon

Re: Debian keyring analysis

On Tue, 04 Feb 2003, Lars Wirzenius wrote:

> I was bored at work today, and wrote a quick-and-dirty Python script for
> analyzing the Debian keyrings.

You are awayre of http://people.debian.org/~weasel/weboftrust/ ?

					yours,
					peter
--

-- 
 PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.    | : :' :      The  universal
                           | `. `'      Operating System
 http://www.palfrader.org/ |   `-    http://www.debian.org/
Lars Wirzenius | 7 Feb 22:49 2003
Picon
Picon

Re: Debian keyring analysis

ti, 04-02-2003 kello 23:49, Peter Palfrader kirjoitti:
> On Tue, 04 Feb 2003, Lars Wirzenius wrote:
> 
> > I was bored at work today, and wrote a quick-and-dirty Python script for
> > analyzing the Debian keyrings.
> 
> You are awayre of http://people.debian.org/~weasel/weboftrust/ ?

Nope, I wasn't, thanks for the link. If I understood correctly, that
page lists statistics for the which keys in the strongly connected set
are closer to other keys than others. It doesn't explicitly list the
keys that are not in the strongly connected set.

I'm not very good at GPG/PGP web-of-trust things. Would it be good to
try to include all keys in Debian's keyring in the strongly connected
set? This should strengthen they web-of-trust within Debian, yes?

Martin Michlmayr | 8 Feb 03:45 2003

Re: Debian joins Desktop Linux Consortium

* Martin Schulze <joey <at> infodrom.org> [2003-02-07 18:54]:
> The Debian Project is a founding member of the Desktop Linux
> Consortium (DLC)

I'm wondering where this was discussed and decided.

--

-- 
Martin Michlmayr
tbm <at> cyrius.com

Bdale Garbee | 8 Feb 05:04 2003
Picon

Re: Debian joins Desktop Linux Consortium


tbm <at> cyrius.com (Martin Michlmayr) writes:

> * Martin Schulze <joey <at> infodrom.org> [2003-02-07 18:54]:
>> The Debian Project is a founding member of the Desktop Linux
>> Consortium (DLC)
>
> I'm wondering where this was discussed and decided.

I got a direct email from the organizers of the consortium while I was
traveling, asking if Debian would like to participate.  I found Colin 
Walters on IRC and asked for his opinion.  Neither of us could see any 
reason to say no, so I accepted the invitation.

What the consortium is actually going to do is a little nebulous at the 
moment.  With membership carrying no known negative consequences, the 
chance for Debian to participate in setting the direction and scope of 
activities as a member seems like a good thing.  

Bdale
Christian Surchi | 8 Feb 12:54 2003
Picon

Re: Debian joins Desktop Linux Consortium

On Fri, Feb 07, 2003 at 09:04:29PM -0700, Bdale Garbee wrote:
> I got a direct email from the organizers of the consortium while I was
> traveling, asking if Debian would like to participate.  I found Colin 
> Walters on IRC and asked for his opinion.  Neither of us could see any 
> reason to say no, so I accepted the invitation.

WOW! A new l33t cabal! :P

--

-- 
Christian Surchi, csurchi <at> debian.org, christian <at> firenze.linux.it |   ICQ     
www.debian.org - www.softwarelibero.it - www.firenze.linux.it    | 38374818
Another megabytes the dust.

Chris Waters | 8 Feb 20:51 2003
Picon

Re: Debian joins Desktop Linux Consortium

On Sat, Feb 08, 2003 at 12:54:27PM +0100, Christian Surchi wrote:
> On Fri, Feb 07, 2003 at 09:04:29PM -0700, Bdale Garbee wrote:
> > I found Colin Walters on IRC and asked for his opinion.  Neither of us
> >  could see any reason to say no, so I accepted the invitation.

> WOW! A new l33t cabal! :P

Oh no, the duly elected DPL made a simple, straightforward decision.
It must be an evil plot!  :D

--

-- 
Chris Waters           |  Pneumonoultra-        osis is too long
xtifr <at> debian.org       |  microscopicsilico-    to fit into a single
or xtifr <at> speakeasy.net |  volcaniconi-          standalone haiku

Peter Palfrader | 9 Feb 00:30 2003
Picon

Re: Debian keyring analysis

On Fri, 07 Feb 2003, Lars Wirzenius wrote:

> ti, 04-02-2003 kello 23:49, Peter Palfrader kirjoitti:
> > On Tue, 04 Feb 2003, Lars Wirzenius wrote:
> > 
> > > I was bored at work today, and wrote a quick-and-dirty Python script for
> > > analyzing the Debian keyrings.
> > 
> > You are awayre of http://people.debian.org/~weasel/weboftrust/ ?
> 
> Nope, I wasn't, thanks for the link. If I understood correctly, that
> page lists statistics for the which keys in the strongly connected set
> are closer to other keys than others. It doesn't explicitly list the
> keys that are not in the strongly connected set.

Not yet.  I've wanted to do this for a long time but never got around.
And Martin stopped kicking me about it as well :).

> I'm not very good at GPG/PGP web-of-trust things. Would it be good to
> try to include all keys in Debian's keyring in the strongly connected
> set? This should strengthen they web-of-trust within Debian, yes?

Yes and Yes.

cu
Peter
--

-- 
 PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.    | : :' :      The  universal
                           | `. `'      Operating System
(Continue reading)

Manoj Srivastava | 9 Feb 06:32 2003
X-Face
Picon

Re: Debian joins Desktop Linux Consortium

>>"Christian" == Christian Surchi <csurchi <at> debian.org> writes:

 > On Fri, Feb 07, 2003 at 09:04:29PM -0700, Bdale Garbee wrote:
 >> I got a direct email from the organizers of the consortium while I was
 >> traveling, asking if Debian would like to participate.  I found Colin 
 >> Walters on IRC and asked for his opinion.  Neither of us could see any 
 >> reason to say no, so I accepted the invitation.

 > WOW! A new l33t cabal! :P

	You are displaying a profound ignorance of what a dpl actually
 does. 

	manoj
--

-- 
Once there was this conductor see, who had a bass problem.  You see,
during a portion of Beethovan's Ninth Symphony in which there are no
bass violin parts, one of the bassists always passed a bottle of
scotch around.  So, to remind himself that the basses usually required
an extra cue towards the end of the symphony, the conductor would
fasten a piece of string around the page of the score before the bass
cue.  As the basses grew more and more inebriated, two of them fell
asleep.  The conductor grew quite nervous (he was very concerned about
the pitch) because it was the bottom of the ninth; the score was tied
and the basses were loaded with two out.
Manoj Srivastava   <srivasta <at> debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

(Continue reading)


Gmane