Re: Please revoke your signatures from Martin Kraff's keys
Steve Langasek <email@example.com> writes:
>> What do you think we get by having the signed ID? What advantages
>> accrue to Debian by having this check that someone's real name is what
>> we think it is?
>> I think it's a good thing, I agree with our practice, but I'm not sure
>> what vast security hole is suddenly opened up here. If we found out
>> that the person who has been a faithful and valuable developer, under
>> the name "Martin Krafft" is not the real Martin Krafft, what should we
>> do? Go find the real Martin Krafft and make him a developer?
> I thought the obvious answer here would be to kick this person out of the
> project for breaching the project's trust. Can you think of a reason why it
> would be ok for someone to lie to us about their real name?
Oh, that's fine, but then I don't see exactly what Manoj is bothered
by. It seems like he ought to be on Martin's side here, they are both
worried about the same thing: that people are a little too lax in
checking IDs', particularly at giant KSPs.