[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: recommends approval of "J?rgen H?gg <jorgen.hagg@axis.com>"

On Fri, Jan 12, 2001 at 05:31:22PM +0200, Antti-Juhani Kaijanaho wrote:
> On 20010112T231245+1000, Anthony Towns wrote:
> > > http://www.debian.org/devel/join/nm-step2
> > >    If the applicant does NOT have any photo-ID such as a drivers
> > >    license or Passport, then any photo of him would do. But in such a
> > >    case, the trusted verification path (such as an employer, or faculty
> > >    member) may be provided, and the final report may explain that.
> > Shouldn't that be done anyway? (It's not that hard to, say, steal
> > someone's wallet and scan their photo id, then sign it with a new GPG
> > key you just created...)
> How would it help with that scenario?

``Hi, I received an application by <foo> to become a Debian maintainer,
  and I'm just trying to verify that s/he's a real person. I've been
  told by email that you know <foo> from university, and that you'd be
  willing to vouch for <foo>'s identity and that it's the real <foo>
  who's applying to join Debian.''

``Sure, I spoke to <foo> the other day and s/he said something about this.
  S/he's enrolled in one of my classes.''

as opposed to say,

``Well, sure, <foo>'s in one of my classes, but I've never heard anything
  about this Debian thing. I'll check tomorrow. ... No, s/he says s/he's
  got no idea what's going on.''

In theory, anyway.

In practice, it's probably just awkward, I guess.


Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

     ``Thanks to all avid pokers out there''
                       -- linux.conf.au, 17-20 January 2001

Attachment: pgpivQcpiJI6g.pgp
Description: PGP signature

Reply to: