-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dominik George Old key: AC8D E64A 5552 2BF8 B0A7 5B53 064E 42A6 EFDF EB57 Old key: F1CC 2CE0 694F A6FF 31E7 EBB7 E976 F232 7373 6DED Current key: BA9A 6278 587C 8EFB 1DD3 935A B526 D09D B4DE 325A GnuPG Signature Policy ====================== Preamble ======== The following paragraphs describe the procedure, preconditions and possible results of me signing data or keys. Data Signing ============ All emails sent from any of my PGP key's UIDs are signed using PGP/MIME. This does not depend on the quality of the data but is a default measure. Apart from that, Debian/Ubuntu packages and other code may be signed with my key. Please report any invalid signatures you discover! Exceptions to this rule occur when I use a webmail client from a public machine. Key Signing =========== For signing keys, I use the same key as for signing data. To ensure the validity of the web of trust, I stick strictly to the following points: * In most cases, personal validation is required to obtain a signature from me. In any case, this is required for anthing higher than a sig1. Personal validation means that a government issued document containing the full name and a photo must be presented to me at an eye-to-eye meeting. * Fingerprints and UIDs of the key(s) to be signed must be provided in a re- liable and readable way. During personal validation, a printed version of all UIDs and the key fingerprint should be provided. * In rare cases, I also sign keys without personal validation. The only circumstance for this is a case where a team is working on code and indivi- duals on this team should be connected through a web of trust. Without personal validation, a sig1 is issued. * A sig3 is only issued to keys of persons whom I ultimately trust on a human basis, this is limited to close friends and people that have proven reliabi- lity and knowledge of the web of trust in other areas (like, but not limited to, CAcert, etc.). * In order to obtain a sig3, basic knowledge of these terms should be shown. This document is a draft and will be extended over time, without rendering the current content invalid. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQJJBAEBAgAzBQJNuTcKLBpodHRwOi8vd3d3Lm5hdHVyYWxuaWsuZGUvZ3BnLXBv bGljeS50eHQuYXNjAAoJELUm0J203jJapEYP/iHE0U8gAMr/wdfNtScAL23fL5b7 RvKJVUfrVk0HHK1dxTO8wtL5Ve/XXdzJ5F5tz64sjYoQ0teYQFB9tX2DwFk3or+U T6mtlUssTCiuR3Rv+h+Ym3w1bIMldOKV6Gxeos6FxN9XISFu4tq/7NWMnFdkri7J S0G8hUD/EAQ9bdYR54abNZvRkfKGwz1OTd3HLF+j1+/jEt04GeuKYXWr5iaDgSgz AMormtfgDX5D3WkPAo0fQgsvI6NO+vnpaB9e1axKygs7BaRgyLEWpAkdb/eGLSpY UvljeL5Kyncx1o7NwZB7sP100LaI8ACXgrMD7YFk7Jdbs3sVC45WqyLFgcdtHA2w WN+iB3Oe0JM1ekN5kFdSBMgyE/0Yko3AQdHwaUzzgcyZR4MhhCqHSOr99gqtAAaJ P5PRwQ1M0xSFv4sCOt20f8xsFC8x3WhKWYWZIFJabCNFdFzKT3Dd0oy5cZyXR1tS qCk6Uzd9c71ItiJ1YGT/55LqBXTNppwc4vVs4/O2zikHyZnPnxqjYMOOvxFwZeEK vceC7XYCSulTGsF77p7IUJjMqcYAQMjsUlD0b4rPqz9PsGpOQdD7UYYdHyf22TiX 5RqoGpKtO+yvTwtZProaZNXv0wx7E5J83Mrna+vASXzHFzSTg79hMZnQ51LwqXVn zDz2x3yYjoWl4OAd =gcaT -----END PGP SIGNATURE-----