[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Cuban prospective DD can't acomplish NM identification

On Wed, Aug 19, 2009 at 08:48:53AM -0400, Adrian Perez wrote:
> Hello list.
> My name is Adrian Perez, and since months ago, I've managed to get the
> time to contribute to debian as a maintainer. 
> The first issue I found it's that my country wasn't listed on the
> gpg-coord page, thanks to the contact with Ralf Treinen that got fixed;
> but as you may see I was able to submit my request long time after my
> intentions were to. 
> Regardless, I live in Cuba and - correct me if I'm wrong - I'm the first
> Cuban ever to try to enter the process, as a consequence there's no DD
> here which could sign my gpg key. They also seem no plans of anyone or
> the D foundation to visit this country soon; so I'm stuck, and writing
> here for alternatives. I've been sugested by my advocate and by Wouter
> Verhelst to enter the process, where alternatives could be found. So, I
> registered in the NM web app, please tell me if I did wrong, now my
> advocate is planning to answer the questions before - or maybe during -
> weekend.
> I know this isn't the place, but I'm the current maintainer of swt-gtk
> and azureus packages, and part of the Debian java team. I'm also
> reviewing the jigsaw project which will make packaging java apps easier
> for debian and linux in general.
> So, I though was worth to tell the list about my situation, since I knew
> identification would be hard, but I didn't manage to see how hard.

I don't know if it's just me, but I've always thought that something like this
would be done as follows (and for some reason, thought that this was what the
policy was):-

 - Have a person registered with a legal board for the country concerned
   notarise a copy of the persons identity, alongside relevant information
   (Fingerprint, phone number, etc). This is then sent via post to a nominated
   person within the debian community, who would
    1) Check that the person who has notarised the identity is a registered
    legal proefessional in the country concerned.
    2) Contact that person via telephone, using the number that is registered
    via the regulatory board, and confirm that the notarisation did in fact come
    from them
  - Contact the applicant via phone (as listed on the notarised document).
    Confirm the details (specifically the ID number of the identification
    provided), and confirm the fingerprint.

  - Once the person is happy, sign the person's key.

This would be something similar to CACert's "Trusted third party" process.

Although, I see that there is a "trusted third party" (of sorts) already
involved in this.

Maybe the policy for something like this needs to be laid out and defined

Martin "Mez" Meredith

Reply to: