On 2022-11-14 13:44 +0000, Dániel Fancsali wrote: > Hello, > I was just wondering the other day, what is and isn't acceptable as the > "user id" of my package signing key? > What if I have a separate online persona as a tech blogger, and I'd like > attach the packages I create to that brand? > Would the mentors project accept that? Would the debian mainstream accept > that, if I make it so far that I got to be part of the Debian project? > Is there any official policy/documentation/best-practices-list for this > situation? My understanding of policy is that what we really care about is that the GPG key securely attests to a particular identity. We prefer that to be somone's 'actual/real/offical' identity, but it can be another identity if it is consistently used. I believe we do have a few DD's that do not use their 'official/conventional' name within debian. I'm not sure what people would think of using a 'brand' identity, but it might be OK if that is how someone normally/consistently presents themselves within debian. This is just my personal understanding. I'm fairly sure there is some actual policy written down somewhere, probably in the 'DD/DM application process' info. Wookey -- Principal hats: Debian, Wookware, ARM http://wookware.org/
Attachment:
signature.asc
Description: PGP signature