-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dominik George Fingerprint: 8BC7 ABAB C2F2 4D5E 24FC FC1C DB0E A4BC E210 7412 GnuPG Signature Policy ====================== Preamble ======== The following paragraphs describe the procedure, preconditions and possible results of me signing data or keys. Data Signing ============ All emails sent from any of my PGP key's UIDs are signed. This does not depend on the quality of the data but is a default measure. Apart from that, Debian packages and other code may be signed with my key. Please report any invalid signatures you discover! Exceptions to this rule occur when I use a webmail client from a public machine. Key Signing =========== For signing keys, I use the same key as for signing data. To ensure the validity of the web of trust, I stick strictly to the following points: * In most cases, personal validation is required to obtain a signature from me. In any case, this is required for anthing higher than a sig1. Personal validation means that a government issued document containing the full name and a photo must be presented to me at an eye-to-eye meeting. * Fingerprints and UIDs of the key(s) to be signed must be provided in a re- liable and readable way. During personal validation, a printed version of all UIDs and the key fingerprint should be provided. * In rare cases, I also sign keys without personal validation. The only circumstance for this is a case where a team is working on code and indivi- duals on this team should be connected through a web of trust. Without personal validation, a sig1 is issued. * A sig3 is only issued to keys of persons whom I ultimately trust on a human basis, this is limited to close friends and people that have proven reliabi- lity and knowledge of the web of trust in other areas (like, but not limited to, CAcert, etc.). * In order to obtain a sig3, basic knowledge of these terms should be shown. This document is a draft and will be extended over time, without rendering the current content invalid. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQHOBAEBAgA4BQJOVOtGMRpodHRwczovL3d3dy5kb21pbmlrLWdlb3JnZS5kZS9n cGctcG9saWN5LnR4dC5hc2MACgkQ2w6kvOIQdBLOLQwAjVOuiPajzr/aJOMqsOGf I5/fD0Vlwqb01UNEkEalge6aJVAe0D8LtYIoJFSVY3iX0w1U0m1MfKlDsvuI0I3V veK7ZcbCQtIfFBUGR6FRXPdClVu32ZS3kBjEFL9OqRzadW5v/Ma4wNQX8Sx7w7+L ca5Zf9jRMG2CklZy3kki9PFgK3cX/3DdSS6Yy/5WqeVV/2Bbs1XCOOAs7aIrYg7x 8rOoEJ5JfzWvN5Db0t7qDhkRVOV0YHhIyZeChffOb5c9xXKoe0dJlNQ5zpkRuFdV BtmjQuAjGB1/qOnA3Fhq6Gsdj7bhf4WgFGC9kp6UuEDYXyvrPlD08UrfOGSJ6ITL hLUwzoqajBqiW4h2ZiuONY7WIuEErG6MTlWEO9SKMDHwfeKkaJ8MCVb3ArLeWmDB yllwFqDrkkhVAsuct4lpG8c5XhRiYIW8WeXIcUqRdNrXXEx8jRySDiTUiqLF9/5N HGlNsDbOkBhHFX1LTxKLqYUg+jYxaFzR3QoxiV9ae71A =a6hT -----END PGP SIGNATURE-----