[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Please revoke your signatures from Martin Kraff's keys

On Fri, May 26, 2006 at 03:45:24PM -0700, Thomas Bushnell BSG wrote:
> Manoj Srivastava <srivasta@debian.org> writes:

> >> What would you suggest instead?

> >         Stop signing keys for Debian developers, since purchased ID's
> >  are acceptable in this community? ;) At this point, I am not sure what
> >  my stance is going to be.

> What do you think we get by having the signed ID?  What advantages
> accrue to Debian by having this check that someone's real name is what
> we think it is?

> I think it's a good thing, I agree with our practice, but I'm not sure
> what vast security hole is suddenly opened up here.  If we found out
> that the person who has been a faithful and valuable developer, under
> the name "Martin Krafft" is not the real Martin Krafft, what should we
> do?  Go find the real Martin Krafft and make him a developer?

I thought the obvious answer here would be to kick this person out of the
project for breaching the project's trust.  Can you think of a reason why it
would be ok for someone to lie to us about their real name?

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/

Attachment: signature.asc
Description: Digital signature

Reply to: