Re: Please revoke your signatures from Martin Kraff's keys

[Thomas Bushnell BSG <tb@becket.net>]

Manoj Srivastava <srivasta@debian.org> writes:

>> What would you suggest instead?
>
>         Stop signing keys for Debian developers, since purchased ID's
>  are acceptable in this community? ;) At this point, I am not sure what
>  my stance is going to be.

What do you think we get by having the signed ID?  What advantages
accrue to Debian by having this check that someone's real name is what
we think it is?

I think it's a good thing, I agree with our practice, but I'm not sure
what vast security hole is suddenly opened up here.  If we found out
that the person who has been a faithful and valuable developer, under
the name "Martin Krafft" is not the real Martin Krafft, what should we
do?  Go find the real Martin Krafft and make him a developer?