[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Please revoke your signatures from Martin Kraff's keys

Steve Langasek <vorlon@debian.org> writes:

>> What do you think we get by having the signed ID?  What advantages
>> accrue to Debian by having this check that someone's real name is what
>> we think it is?
>
>> I think it's a good thing, I agree with our practice, but I'm not sure
>> what vast security hole is suddenly opened up here.  If we found out
>> that the person who has been a faithful and valuable developer, under
>> the name "Martin Krafft" is not the real Martin Krafft, what should we
>> do?  Go find the real Martin Krafft and make him a developer?
>
> I thought the obvious answer here would be to kick this person out of the
> project for breaching the project's trust.  Can you think of a reason why it
> would be ok for someone to lie to us about their real name?

Oh, that's fine, but then I don't see exactly what Manoj is bothered
by.  It seems like he ought to be on Martin's side here, they are both
worried about the same thing: that people are a little too lax in
checking IDs', particularly at giant KSPs.

Thomas
Reply to: