{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T18:28:28Z","timestamp":1742927308428,"version":"3.40.3"},"publisher-location":"Cham","reference-count":21,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319577340"},{"type":"electronic","value":"9783319577357"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>The Debian project is one of the largest free software undertakings worldwide. It is geographically distributed, and participation in the project is done on a voluntary basis, without a single formal employee or directly funded person. As we will explain, due to the nature of the project, its authentication needs are very strict\u2014User\/password schemes are way surpassed, and centralized trust management schemes such as PKI are not compatible with its distributed and flat organization; fully decentralized schemes such as the PGP Web of Trust are insuficient by themselves. The Debian project has solved this need by using what we termed a \u201ccurated Web of Trust\u201d.<\/jats:p><jats:p>We will explain some lessons learned from a massive key migration process that was triggered in 2014. We will present the social insight we have found from examining the relationships expressed as signatures in this curated Web of Trust, some recommendations on personal key-signing policies, and a statistical study and forecast on aging, refreshment and survival of project participants stemming from an analysis on their key-handling.<\/jats:p>","DOI":"10.1007\/978-3-319-57735-7_12","type":"book-chapter","created":{"date-parts":[[2017,4,22]],"date-time":"2017-04-22T05:20:10Z","timestamp":1492838410000},"page":"117-127","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Progression and Forecast of a Curated Web-of-Trust: A Study on the Debian Project\u2019s Cryptographic Keyring"],"prefix":"10.1007","author":[{"given":"Gunnar","family":"Wolf","sequence":"first","affiliation":[]},{"given":"V\u00edctor","family":"Gonz\u00e1lez Quiroga","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,4,23]]},"reference":[{"key":"12_CR1","doi-asserted-by":"crossref","unstructured":"Aalen, O.: Nonparametric inference for a family of counting processes. In: The Annals of Statistics, pp. 701\u2013726 (1978)","DOI":"10.1214\/aos\/1176344247"},{"issue":"6","key":"12_CR2","doi-asserted-by":"publisher","first-page":"716","DOI":"10.1109\/TAC.1974.1100705","volume":"19","author":"H Akaike","year":"1974","unstructured":"Akaike, H.: A new look at the statistical model identification. IEEE Trans. Autom. Control 19(6), 716\u2013723 (1974). doi:10.1109\/TAC.1974.1100705","journal-title":"IEEE Trans. Autom. Control"},{"key":"12_CR3","unstructured":"Cederl\u00f6f, J.: Dissecting the leaf of trust (2004). http:\/\/wwwlysator.liu.se\/~jc\/wotsap\/leafoftrust.html"},{"key":"12_CR4","unstructured":"Chiang, C.L.: Life table and its applications. In: Life Table and its Applications. Robert E. Krieger Publishing (1984)"},{"key":"12_CR5","unstructured":"Fern\u00e1ndez-Sanguino, J., et al.: A Brief History of Debian (1997\u20132015). https:\/\/www.debian.org\/doc\/manuals\/project-history\/, Accessed 22 Dec 2016"},{"issue":"1","key":"12_CR6","doi-asserted-by":"publisher","first-page":"7","DOI":"10.1016\/0020-0190(89)90102-6","volume":"31","author":"T Kamada","year":"1989","unstructured":"Kamada, T., Kawai, S.: An algorithm for drawing general undirected graphs. Inf. Process. Lett. 31(1), 7\u201315 (1989)","journal-title":"Inf. Process. Lett."},{"issue":"282","key":"12_CR7","doi-asserted-by":"publisher","first-page":"457","DOI":"10.1080\/01621459.1958.10501452","volume":"53","author":"EL Kaplan","year":"1958","unstructured":"Kaplan, E.L., Meier, P.: Nonparametric estimation from incomplete observations. J. Am. Stat. Assoc. 53(282), 457\u2013481 (1958)","journal-title":"J. Am. Stat. Assoc."},{"key":"12_CR8","doi-asserted-by":"publisher","DOI":"10.1007\/b97377","volume-title":"Survival Analysis: Statistical Methods for Censored and Truncated Data","author":"JP Klein","year":"2003","unstructured":"Klein, J.P., Moeschberger, M.L.: Survival Analysis: Statistical Methods for Censored and Truncated Data. Springer, New York (2003). doi:10.1007\/b97377"},{"key":"12_CR9","doi-asserted-by":"publisher","unstructured":"Muller, H.-G., Wang, J.-L.: Hazard rate estimation under random censoring with varying kernels and bandwidths. In: Biometric, pp. 61\u201376 (1994). doi:10.2307\/2533197","DOI":"10.2307\/2533197"},{"key":"12_CR10","unstructured":"Penning, H.P.: Analysis of the strong set in the PGP web of trust (2015). http:\/\/pgp.cs.uu.nl\/plot\/"},{"issue":"3","key":"12_CR11","doi-asserted-by":"publisher","first-page":"539","DOI":"10.1093\/biomet\/61.3.539","volume":"61","author":"RL Prentice","year":"1974","unstructured":"Prentice, R.L.: A log gamma model and its maximum likelihood estimation. Biometrika 61(3), 539\u2013544 (1974)","journal-title":"Biometrika"},{"issue":"3","key":"12_CR12","doi-asserted-by":"publisher","first-page":"607","DOI":"10.1093\/biomet\/62.3.607","volume":"62","author":"RL Prentice","year":"1975","unstructured":"Prentice, R.L.: Discrimination among some parametric models. Biometrika 62(3), 607\u2013614 (1975)","journal-title":"Biometrika"},{"key":"12_CR13","series-title":"IFIP \u2014 The International Federation for Information Processing","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/978-0-387-72486-7_10","volume-title":"Open Source Development, Adoption and Innovation","author":"G Robles","year":"2007","unstructured":"Robles, G., Due\u00f1as, S., Gonzalez-Barahona, J.M.: Corporate involvement of libre software: study of presence in Debian Code over time. In: Feller, J., Fitzgerald, B., Scacchi, W., Sillitti, A. (eds.) OSS 2007. ITIFIP, vol. 234, pp. 121\u2013132. Springer, Boston, MA (2007). doi:10.1007\/978-0-387-72486-7_10"},{"key":"12_CR14","unstructured":"Smart, N.: ECRYPT II Yearly Report on Algorithms and Keysizes (2011\u20132012). Technical report 7th Framework Programme, European Commission (2012). http:\/\/www.ecrypt.eu.org\/ecrypt2\/documents\/D.SPA.20.pdf, Accessed 14 Jan 2016"},{"key":"12_CR15","unstructured":"SPI et al. Debian GNU\/HURD (1997\u20132016). https:\/\/www.debian.org\/ports\/kfreebsd-gnu\/, Accessed 22 Dec 2016"},{"key":"12_CR16","unstructured":"SPI et al. Debian GNU\/kFreeBSD (1997\u20132016). https:\/\/www.debian.org\/ports\/kfreebsd-gnu\/, Accessed 22 Dec 2016"},{"key":"12_CR17","unstructured":"Synchronizing Key Servers. SKS OpenPGP Keyserver statistics (2016). http:\/\/pool.sks-keyservers.net:11371\/pks\/lookup?op=stats, Accessed 31 Dec 2016"},{"key":"12_CR18","series-title":"Springer series in statistics","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-28158-2","volume-title":"Modeling Discrete Time-to-Event Data","author":"G Tutz","year":"2016","unstructured":"Tutz, G., Schmid, M.: Modeling Discrete Time-to-Event Data. Springer series in statistics. Springer, Cham (2016). doi:10.1007\/978-3-319-28158-2"},{"key":"12_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"489","DOI":"10.1007\/978-3-642-23822-2_27","volume-title":"Computer Security \u2013 ESORICS 2011","author":"A Ulrich","year":"2011","unstructured":"Ulrich, A., Holz, R., Hauck, P., Carle, G.: Investigating the OpenPGP web of trust. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 489\u2013507. Springer, Heidelberg (2011). doi:10.1007\/978-3-642-23822-2_27"},{"key":"12_CR20","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1080\/01611194.2015.1126660","volume":"41","author":"G Wolf","year":"2017","unstructured":"Wolf, G., Gallegos-Garc\u00ed, G.: Strengthening a curated web of trust in a geographically distributed project. Cryptologia 41, 1\u201316 (2017). http:\/\/www.tandfonline.com\/doi\/full\/10.1080\/01611194.2016.1238421","journal-title":"Cryptologia"},{"key":"12_CR21","unstructured":"Zimmerman, P.R.: Why I Wrote PGP (1991). https:\/\/www.philzimmermann.com\/EN\/essays\/WhyIWrotePGP.html"}],"container-title":["IFIP Advances in Information and Communication Technology","Open Source Systems: Towards Robust Practices"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-57735-7_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,7,11]],"date-time":"2023-07-11T14:06:37Z","timestamp":1689084397000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-57735-7_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319577340","9783319577357"],"references-count":21,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-57735-7_12","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1868-422X"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"23 April 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"OSS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on Open Source Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Buenos Aires","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Argentina","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 May 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 May 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"oss2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/oss2017.lifia.info.unlp.edu.ar\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}