This document contains the policy for signing other pgp keys with the key:

pub 1024D/FEEDABEE 2010-05-10 Key fingerprint = 156A AE98 B91F 0114 FE88 2BD8 C459 9386 FEED ABEE uid halfdog -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.9 mQGiBEvoATMRBAC/BXfqIba5OQZVw3c69tF8EL34BWa5c5FbUEX49lzz8RVC/fQ9 yHvu7L5OYMkxsysSpBWIEYb8OuQtMyuuX/WEuvwtk07PR5j7g7RJKQPEJCRBfW8V UHM839nj16UuWo7BF1H/yBRs5EMFX5c6Lkjhb85BtWR5dHmVB8jux81s7wCgk80f UheeVZLk0lcoSIuGMMsp0z8EAK1fU+oPVfuqxt+CA5S2U+Y2AxxP/ZuAV5XHEqmC TA+62q9qAblY8SbfavlpDu9k1mTVU+4UxCjZ7YEVxMjGIh8Q9U0OGnolAj3YKMAr dg5wRayQYiuHqZgs6NWmCBGuinpeMWNEQqOi51qrDGPoPpHCMk1e0hFXLgRrVI5J v8fmBAC6R31w2cDyTWBQXq1MMz2Qpa36NdNdZKP1wuEYG7ZD+EDefqxLxCBIStrI FI0xk5s/sL5+aNwPMVkOw2QhwP57tN3jofYtz1Fd/niz7b5lMBK0FoQxpoy/9vdQ yBy1OIyyYbCF/4zz12al62U4tceaLQKnybds9UgHF7NamZkxIbQYaGFsZmRvZyA8 bWVAaGFsZmRvZy5uZXQ+iJIEExECAFICGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIX gDEaaHR0cDovL3d3dy5oYWxmZG9nLm5ldC9TZXJ2aWNlL1BncEtleVBvbGljeS5o dG1sBQJL6F/GAAoJEMRZk4b+7avurnEAn1OcLqsz69STw3zEVhxBmHh1dHALAJ4m A2O1yLDQgFbNAAZEtDTfT7qlHw== =fCgD -----END PGP PUBLIC KEY BLOCK-----

When signing keys of other users, I create trust signatures using the following scheme:

Highest trust level (3):

I will create signatures of this level only under these conditions:

• I know the owner of a key or one of the owners of a group key for more than one year and had frequent, direct communication with that identity using the key, so that I have full trust in the identity of the owner or the group
• I have verified, that the identity has control over the key
• I am highly confident, that the owner of the key or all shared owners of a group key have the technical means and knowledge to protect the private key against data theft effectively

Medium trust level (2):

• I know the owner of a key or one of the owners of a group key had frequent, direct communication with that identity using the key, so that I have reasonable trust in the identity of the owner or the group
• I have verified, that the identity has control over the key
• I am quite confident, that the owner of the key or all shared owners of a group key have the technical means and knowledge to protect the private key against data theft effectively

Low trust level (1):

• I know the owner of a key or one of the owners of a group key and had some direct communication with that identity using the key or know about communication of other trusted identities, that had communicated with that identity using their keys, e.g. via signed messages in public mailing lists. Hence I have some trust in the identity of the the owner of the key or the group
• I have verified, that the identity has control over the key
• I am confident, that the owner of the key or all shared owners of a group key have the technical means and knowledge to protect the private key against data theft effectively

Highest trust level (3):

• Close friend with solid IT-security background: I know him since many years, we meet quite frequently, many people I trust are trusting him also. I have no doubt that he has control over his key and knowledge to keep it safe.
• Ubuntu Package Maintainers: If they would ask me to sign one of their keys, I would do it using the highest trustlevel, since I trust their operating system, I trust many community members, who again trust the ubuntu group and their key. Also I do not know about any key security breaches and think they will sufficiently protect their key.

Low trust level (1):

• Some open source community member, e.g. spare time postgres database developer: It seems that he uses his key for quite some time, the key is connected to a digital identity, e.g. mail account or ubuntu launchpad account for a while. His work (source code) might included in the standard postgres release, there is no indication that his key or digital identity was stolen and is used by another person.