[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: more developer identity stuff

>>"Ossama" == Ossama Othman <othman@astrosun.tn.cornell.edu> writes:

 Ossama> On 23 Aug 1998, Manoj Srivastava wrote:
 >> Well, you realize that lack of trust also is reciprocated ;-(
 >> Right now, I am thinking that I don't know you at all, and your lack
 >> of trust in us engenders a like lack of trust in me, at least, and I
 >> am unsure about having someone I distrust put code on my production
 >> platforms. 

 Ossama> Somehow I thought you would respond to me in such a fashion,
 Ossama> Manoj.

	Well, that certainly colours me predictable, though I am
 certain you meant more than just that. However, I am at a loss as to
 what other atrributes you are implying; could you elaborate?

 Ossama> I understand why Debian wants to verify a potential
 Ossama> developers identity, and that there is no reason to trust me
 Ossama> at all since no one really knows me.  I have no problem with
 Ossama> Debian's policy regarding a developer's identity because, for
 Ossama> the most part, it admittedly makes sense.

	I am glad we agree.

 Ossama> However, most people have problems with sending official
 Ossama> documents to people who they don't know, as some of the
 Ossama> Debian developers themselves have stated with regard to this
 Ossama> thread of discussion.

	Really? Anyway, you are not supposed to send official
 documents, just copies of official documents are sufficient. I
 understand your reluctance about sending actual licenses or other
 documents to strangers; I would not either. A copy should be fine. 

	In the united stats, the drivers license is public
 information, and the phone books contain phone numbers and
 addresses. Everytime I open a bank account, or try to go back to
 India or any other country, I show my passport. I have little
 problems disseminating the informatoin therein; it is mostly public,
 anyway, and I trust the project not to misuse the information.

 Ossama> I wanted to become a developer because I wanted to contribute
 Ossama> to Debian because I like the Debian distribution(s) and
 Ossama> because I thought that it would be nice "give something back"
 Ossama> to Debian; however, not at the cost of divulging "sensitive"
 Ossama> information.  I may be paranoid, but then so are the rest of
 Ossama> the developers that agree with me.

	If you indeed consider your drivers license "sensitive"
 information, you need to get your PGP key signed. Personally, I
 refuse to sign keys unless I see two forms of photo ID, but your
 mileage may vary. 

 Ossama> You also mentioned issues about snail mail and telephone
 Ossama> numbers.  I do agree with you about those issues.  It is
 Ossama> great that you stand behind your work, especially since I use
 Ossama> your work. ;) Again, my qualms were just with proving
 Ossama> identity not my location (the thing with the address on my
 Ossama> license was because that address is old).

	Your identity is even more critical than the location or phone
 number, since a rogue develoer may indeed change lcoation (or
 perpetrate trojans just before a real life move). A confirmed
 identity may act as a deterrent, since it would require greater
 effort to dissociate oneself from the crime.


 A beautiful woman is a blessing from Heaven, but a good cigar is a
 smoke. Kipling
Manoj Srivastava  <srivasta@acm.org> <http://www.datasync.com/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E

Reply to: