On Wed, Jul 13, 2016 at 12:53:28PM +0200, Michael Ole Olsen wrote: > If you cannot stand behind your work with your real name, you should not be in Debian IMO > > I'm already starting becoming paranoid with the many new uploaders, debian has gotten large by now. No. No no no no no no no no no. Everything about this, no. No. Trust me, nation state actors wouldn't be coming in as "Foo123", they'd be coming in with a tight identity, with *A REAL* issued ID. All the big countries have had spies in other countries for years, and I find it 100% laughable that you think a name will foil them. Foiled again! Can't find a passable fake passport! If countries who want to get in have datacenters the size of NSA's, and spycraft established from years of fooling border guards trained to find fakes are your threat model, you're boned anyway. You think a border guard can't spot a fake, what makes you think some DD will before signing a key? (protip: they won't). Or that the inbox is secured from a national security letter (protip: they're not). I've known Unit's work from our Ubuntu years, and not only is it better than the majority of people complaining about their uid string, but Unit has done it under the same alias. I trust Unit's work. I don't know how I'd sign their key, but I'd be willing to. This entire thread is a shame. I strongly invite everyone to think about their attack vector and reconsider their point of view. Because trust me, the NSA isn't coming in as Unit, they're comming in after pwning paultag or some DD on VAC. Or by extoring a DD who's been gone from the project for 10 years and has their family kidnapped and the ransom is to run a 0day on a Debian machine. I'll +1 Unit's DM application. I sponsored a few packages and I trust his work. Cheers, Paul
Attachment:
signature.asc
Description: PGP signature