also sprach Steve Langasek <vorlon@debian.org> [2009.06.25.0703 +0200]: > > You are putting *way* too much weight and importance into the > > government-issued document, and basically none into the identity of > > the holder. Seriously: we're supposed to be certifying identities, > > not the authenticity of a government document. > > I thought this was suitably rebutted years ago after the DC6 > keysigning. I don't recall. Do you have a link to the suitable rebuttal? > The government IDs are relevant because when we're collaborating > on an OS where there's minimal code review of the work done by > maintainers and a well-chosen malicious package could cause > millions or billions of dollars in damage to our users, we[1] want > to be able to hold someone accountable in the real world. Not an > "identity", but a physical person that we can prosecute and send > to jail. I challenged this and have not heard anything else. How exactly do you think Debian would sue me, assuming I am in Switzerland, or let's say Russia, Korea, or Senegal? -- .''`. martin f. krafft <madduck@debconf.org> : :' : DebConf orga team; press officer `. `'` `- DebConf9: 24-30 Jul 2009, Extremadura, ES: http://debconf9.debconf.org don't hate yourself in the morning -- sleep till noon.
Attachment:
digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)