On Fri, May 26, 2006 at 03:45:24PM -0700, Thomas Bushnell BSG wrote: > Manoj Srivastava <srivasta@debian.org> writes: > >> What would you suggest instead? > > Stop signing keys for Debian developers, since purchased ID's > > are acceptable in this community? ;) At this point, I am not sure what > > my stance is going to be. > What do you think we get by having the signed ID? What advantages > accrue to Debian by having this check that someone's real name is what > we think it is? > I think it's a good thing, I agree with our practice, but I'm not sure > what vast security hole is suddenly opened up here. If we found out > that the person who has been a faithful and valuable developer, under > the name "Martin Krafft" is not the real Martin Krafft, what should we > do? Go find the real Martin Krafft and make him a developer? I thought the obvious answer here would be to kick this person out of the project for breaching the project's trust. Can you think of a reason why it would be ok for someone to lie to us about their real name? -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. vorlon@debian.org http://www.debian.org/
Attachment:
signature.asc
Description: Digital signature