On Wed, Aug 02, 2000 at 06:58:40PM +0000, Dale Scheetz wrote:
> On Wed, 2 Aug 2000, Matthew Vernon wrote:
> > Therefore, what does it matter that I can't remember the face of the
> > person whose key I signed six months ago? I am still happy that I saw
> > good ID, and that if I get mail signed/encrypted with that key that it
> > comes from that person.
> While your happiness _is_ important, just how does it help the
> administrators of Debian? I haven't seen his face, nor has the DAM. You
> are the lucky one who _has_ seen his face, but we know we can not ask you
> at this point if the face matches the name. We agree that the activity
> actually happened at the same time we agree that we can't re-create the
> event accurately in memory.
How does having a picture help the administrators? We don't do biometrics.
What difference does it make if the face matches the name? If I get
plastic surgery, is there some problem somewhere? Should I get one of
those cute masks from MI:2 and wear it at conferences or something?
Do we still do phonecalls for every new maintainer? ie, "What's your
phone number?" "555-5555" "Okay." [dial] [ring, ring] "Hello" "Hi,
I'm calling about your n-m application..."
Can you give an example scenario where, given a phone call and given a key
signed by one or two other developers (who've checked passports and such
before so doing), a photo will still be necessary to avoid some problem?
Cheers,
aj
--
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.
``We reject: kings, presidents, and voting.
We believe in: rough consensus and working code.''
-- Dave Clark
Attachment:
pgp8MWgbkAK1R.pgp
Description: PGP signature