This article is from the PGP FAQ, by Jeff Licquia firstname.lastname@example.org with numerous contributions by others.
Signing someone's key is your indication to the world that you believe
that key to rightfully belong to that person, and that person is who
he purports to be. Other people may rely on your signature to decide
whether or not a key is valid, so you should not sign capriciously.
Some countries require respected professionals such as doctors or
engineers to endorse passport photographs as proof of identity for a
passport application - you should consider signing someone's key in
the same light. Alternatively, when you come to sign someone's key,
ask yourself if you would be prepared to swear in a court of law as to
that person's identity.
Remember that signing a person's key says nothing about whether you
actually like or trust that person or approve of his/her actions.
It's just like someone pointing to someone else at a party and saying,
"Yeah, that's Joe Blow over there." Joe Blow may be an ax murderer;
you don't become tainted with his crime just because you can pick him
out of a crowd.