Re: more developer identity stuff
>>"Ossama" == Ossama Othman <email@example.com> writes:
Ossama> On 23 Aug 1998, Manoj Srivastava wrote:
>> Well, you realize that lack of trust also is reciprocated ;-(
>> Right now, I am thinking that I don't know you at all, and your lack
>> of trust in us engenders a like lack of trust in me, at least, and I
>> am unsure about having someone I distrust put code on my production
Ossama> Somehow I thought you would respond to me in such a fashion,
Well, that certainly colours me predictable, though I am
certain you meant more than just that. However, I am at a loss as to
what other atrributes you are implying; could you elaborate?
Ossama> I understand why Debian wants to verify a potential
Ossama> developers identity, and that there is no reason to trust me
Ossama> at all since no one really knows me. I have no problem with
Ossama> Debian's policy regarding a developer's identity because, for
Ossama> the most part, it admittedly makes sense.
I am glad we agree.
Ossama> However, most people have problems with sending official
Ossama> documents to people who they don't know, as some of the
Ossama> Debian developers themselves have stated with regard to this
Ossama> thread of discussion.
Really? Anyway, you are not supposed to send official
documents, just copies of official documents are sufficient. I
understand your reluctance about sending actual licenses or other
documents to strangers; I would not either. A copy should be fine.
In the united stats, the drivers license is public
information, and the phone books contain phone numbers and
addresses. Everytime I open a bank account, or try to go back to
India or any other country, I show my passport. I have little
problems disseminating the informatoin therein; it is mostly public,
anyway, and I trust the project not to misuse the information.
Ossama> I wanted to become a developer because I wanted to contribute
Ossama> to Debian because I like the Debian distribution(s) and
Ossama> because I thought that it would be nice "give something back"
Ossama> to Debian; however, not at the cost of divulging "sensitive"
Ossama> information. I may be paranoid, but then so are the rest of
Ossama> the developers that agree with me.
If you indeed consider your drivers license "sensitive"
information, you need to get your PGP key signed. Personally, I
refuse to sign keys unless I see two forms of photo ID, but your
mileage may vary.
Ossama> You also mentioned issues about snail mail and telephone
Ossama> numbers. I do agree with you about those issues. It is
Ossama> great that you stand behind your work, especially since I use
Ossama> your work. ;) Again, my qualms were just with proving
Ossama> identity not my location (the thing with the address on my
Ossama> license was because that address is old).
Your identity is even more critical than the location or phone
number, since a rogue develoer may indeed change lcoation (or
perpetrate trojans just before a real life move). A confirmed
identity may act as a deterrent, since it would require greater
effort to dissociate oneself from the crime.
A beautiful woman is a blessing from Heaven, but a good cigar is a
Manoj Srivastava <firstname.lastname@example.org> <http://www.datasync.com/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E