[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Trouble becoming a member

On Tue, Sep 17, 2002 at 04:34:19PM +0200, Arvid Warnecke wrote:
> On Tue, Sep 17, 2002 at 09:25:07AM -0500, Steve Langasek wrote:
> > > I also had some trouble with him, because I have been told that a scaned
> > > ID would be okay to do ID Check. He wanted me to get my key signed by
> > > another developer. That would be no problem if I'd live in a big city
> > > with another german developer, but here is none; I already checked that.
> > > So, I'd like to know if there is a chance to get the process running
> > > again?
> > Who told you that it was ok to use a scanned ID?  Scanned IDs should only
> > be used in EXTREME cases: e.g., you live on the wrong end of a continent,
> > or you cannot travel freely across national borders to meet developers.
> > Even if there are no other developers in your town, there are enough
> > German developers that it should be possible for you to find someone
> > willing to meet with you if you try.

> My advocate told me that this would be possible. So, I have to drive
> lots of kilometres to get my key signed? What is so bad about a signed
> and scanned ID?

It's much easier to forge than a physical ID, and it doesn't prove that
the person submitting the scanned ID actually looks like the person in
the ID.  It is also subject to man-in-the-middle attacks, because someone
could replace your signature with their own while your email is in
transit.  In every way, scanned IDs are a vastly inferior means of
establishing identity.

Is driving some kilometers really too much to ask of someone we will be
trusting with root access to the machines of every Debian user?  Believe
me, compared to a pleasant road trip, there will be times as a developer
when you feel you have wasted much more for much less gain. :)

Steve Langasek
postmodern programmer

Attachment: pgpzEgcYVhOMF.pgp
Description: PGP signature

Reply to: