-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ## pgp policy =================================================================== OpenPGP key signing policy for Tomáš Pospíšek Fingerprint: 1482 937E ADEF FBB9 2326 9A8C EEBA 150C 2977 4B39 Policy URL: https://tpo.sourcepole.ch/bits/OpenPGP_key_signing_policy/EEBA150C29774B39.policy.txt Policy KEY: https://tpo.sourcepole.ch/bits/OpenPGP_key_signing_policy/EEBA150C29774B39.asc Created: 2018-11-28 Updated: 2026-05-16 =================================================================== This document explains my personal policy when signing PGP keys. KEY INFORMATION sec# rsa4096/0xEEBA150C29774B39 2014-11-12 [SC] Key fingerprint = 1482 937E ADEF FBB9 2326 9A8C EEBA 150C 2977 4B39 uid [ultimate] Tomas Pospisek uid [ultimate] Tomas Pospisek ssb> rsa4096/0x035E6ED3DF5BF61C 2014-11-12 [E] ssb> rsa4096/0x261F139080E51458 2014-11-12 [E] POLICY +------+---------------------------------------------------------+ | TYPE | SIGNATURE TYPE AND WHAT IT MEANS | +------+---------------------------------------------------------+ | sig0 | UNDEFINED Signature type | | | My older signatures did not have any level. Please | | | contact me if you want to have your key resigned with | | | some signature level. | +------+---------------------------------------------------------+ | sig1 | WEAK Signature type | | | I have signed this key without meeting the person face | | | to face, but have determined that they are almost | | | certainly the owner of this key. This signature type | | | is rarely used, but might indicate that I have verified | | | the key is owned by a particular project maintainer and | | | that key was used to sign a unique email to me and | | | to decrypt a message from me correctly. | +------+---------------------------------------------------------+ | sig2 | MEDIUM Signature type | | | I have met this person (or verified in some unambiguous | | | way for a group key or pseudonym). I may or may not | | | have checked their government ID. I have checked the | | | PGP fingerprint. I have also confirmed that they can | | | decrypt messages sent to the email address listed and | | | sign messages using this key. | +------+---------------------------------------------------------+ | sig3 | STRONG Signature type | | | I have met this person face-to-face and carefully | | | checked their PGP fingerprint and that the name on this | | | key ID matches the name on their government ID. I have | | | also confirmed that they can decrypt messages sent to | | | the email address listed and sign messages using | | | this key. | | | Note that my ability to dependably verify governement | | | IDs, in particular foreign ones is quite close to zero. | | | So the value of me verifying an ID is of doubtful | | | value. | +------+---------------------------------------------------------+ PROCEDURE Key fingerprint and UID is checked according to the policy above. SECURITY I try to keep my computing environment clean and up to date. ACKNOWLEDGMENTS This policy is based on the one by Jonathan Cross (https://jonathancross.com/C0C076132FFA7695.policy.txt). Thanks a lot Jonathan for your nice template! -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEFIKTfq3v+7kjJpqM7roVDCl3SzkFAmoIkRwACgkQ7roVDCl3 Szmd0A//QHZ0uqxixlCiU3quJ4Xy7IUpNHDcj1YoUMI7R98sDgqgPG9o16FqRKuW WL82PQEi37bBOHwop2k3tZpYUo97+J9r3IgZaMLg6mgH+qSGOdqEeOim5h3e83Aj /fwKYN/tsZwsD3ZqbcqhkNfhDBLJws7GvBvfWohU54ZxZRfDXfgYC0pQLYPWGNFo 897lMb2KCfqyLRoGrGreE/FvHQzIPH50zP9LGrMVBciEkpaJx9FH5k7Fhwgd2jtK 7yhZ6f3sOmUdQ5XylAJw4KHx+NYF7ntajJPqe/8yCeuMJ1iKkNOVoQXLPpvn0qYd MEpWTfgBo8jX28Gn/g2vUhKFaOCrl0DkzGAQA9Ar7i21Z7lyGChfUpr3Ea48zroV zDhYD3y2B9AF0gfJg+hGgmYIxJ1ByGhYJzOkxuFVNY2x2PUpMZ50Uh2roVpuOZdx sXgu9cdwMx+JmhP6ffhvrub3R1VBNPbp4CsCHzKfFj15X4/inoDYKj+0E5pUANqp AjJlCDg66gEgVTHCyINAI9llwJItXUOCVb3R6GxBD84vzrUtUYveY/TYL1Vp3Qy7 tv2up6H/gtj1lTb0E9++cdT9YlR4bL0/iqYlurCZB8FwOt5WCuX4T2Lwsl48T/h2 c+MkNizD0/5c0r4G75o/QNwTEMwx/WaVsRu128M+4o1pjXy9uX4= =1i10 -----END PGP SIGNATURE-----