[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Debconf-discuss] GPG keysigning?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

martin f krafft wrote:
>> The government IDs are relevant because when we're collaborating
>> on an OS where there's minimal code review of the work done by
>> maintainers and a well-chosen malicious package could cause
>> millions or billions of dollars in damage to our users, we[1] want
>> to be able to hold someone accountable in the real world.  Not an
>> "identity", but a physical person that we can prosecute and send
>> to jail.
> 
> I challenged this and have not heard anything else. How exactly do
> you think Debian would sue me, assuming I am in Switzerland, or

He didn't say that debian will sue you. He said that there should be a
possibility to keep you accountable as a real *person*. Others might sue
you, and depending on the amount of damage you incur they will sue you
in Switzerland or in other countries.

It is true that the internet and computing have made it easier to commit
crimes across borders (and to blur the evidence). IMHO that does not
imply that debian should stop 'conventional' ID checks in addition to
other means of checking the identity of its developers.

Cheers,
Johannes

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkpDORkACgkQC1NzPRl9qEXdqwCffBxdLHizVmDTZqk1sLljnntq
bioAn3E4Cf3mvlQgaIaiThnF8WAlWowP
=Ii9H
-----END PGP SIGNATURE-----
Reply to: