[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Debconf-discuss] GPG keysigning?

* martin f krafft <madduck@debconf.org> [2009-06-25 04:21-0400]:
> > The government IDs are relevant because when we're collaborating
> > on an OS where there's minimal code review of the work done by
> > maintainers and a well-chosen malicious package could cause
> > millions or billions of dollars in damage to our users, we[1] want
> > to be able to hold someone accountable in the real world.  Not an
> > "identity", but a physical person that we can prosecute and send
> > to jail.
> I challenged this and have not heard anything else. How exactly do
> you think Debian would sue me, assuming I am in Switzerland, or
> let's say Russia, Korea, or Senegal?

I think asking a handful of non-lawyers for the exact technical details
about how the Debian project would go about suing you is not a
particularly interesting question. You can sit back and watch a bunch of
amateur-pseudo legal scholars try and provide you with some rationale
and then a few days later point out that nobody knows what they are
talking about because they aren't lawyers. I would argue that your
question wasn't answered because it isn't the right question, it misses
the point. 

But to entertain you... Switzerland its relatively easy due to the
Mutual Legal Assistance Treaty (MLAT)[0] that has been signed by most
European, and American countries. In some place like North Korea or
Senegal, things are a little different. Probably what the Debian project
would do is to revoke your access, which is based on your OpenPGP key,
and then issue a Free Software Fatwah (FFF) on your ass and a lot of
geeks are going to have a good time chasing you down. The world is big,
but we have friends in a lot of places. 


0. http://en.wikipedia.org/wiki/Mutual_Legal_Assistance_Treaty note, the
US Government list of signatories is currently a 404, but interestingly
is running debian:

Attachment: signature.asc
Description: Digital signature

Reply to: