Re: [Debconf-discuss] GPG keysigning?
- To: Russ Allbery <firstname.lastname@example.org>
- Cc: email@example.com, firstname.lastname@example.org
- Subject: Re: [Debconf-discuss] GPG keysigning?
- From: Wouter Verhelst <email@example.com>
- Date: Fri, 3 Jul 2009 20:52:14 +0200
- Message-id: <[🔎] 20090703185214.GC27160@celtic.nixsys.be>
- In-reply-to: <firstname.lastname@example.org>
- References: <20090623065016.GE21074@piper.oerlikon.madduck.net> <20090622130442.GA27701@lapse.rw.madduck.net> <20090617114955.GC19011@piper.oerlikon.madduck.net> <20090625050327.GD21562@dario.dodds.net> <20090625081840.GC14225@piper.oerlikon.madduck.net> <email@example.com> <4A43BF64.firstname.lastname@example.org> <email@example.com>
On Thu, Jun 25, 2009 at 11:24:29AM -0700, Russ Allbery wrote:
> Giacomo Catenazzi <firstname.lastname@example.org> writes:
> > A naive question: why does not FSF check identity of contributors?
> > They must sign a copyright assignment (or disclaimer), send this
> > document to FSF, but I see no identity check on FSF side.
> > They do this for legal reasons!
> > For FSF copyright assignment is more important than identity check.
> > For us seems the contrary, but AFAIK FSF work closely with lawyer then
> > us!
> This may appear counterintuitive, but I believe the FSF is at
> significant less legal risk for the sorts of problems we're discussing
> than Debian is. This is because the FSF doesn't distribute binaries and
> doesn't provide automated updates to systems.
Even if this were true (which I doubt), I'm quite certain that whether
or not you use your real name on a piece of software has any relevance
whatsoever as to whether you're accountable and/or can be sued for what
you did with said software.
There is no reason other than "it's good form" why we would require a
real name from contributors.
The biometric identification system at the gates of the CIA headquarters
works because there's a guard with a large gun making sure no one is
trying to fool the system.