[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Endorsing Gunnar Hjalmarsson's key F235A25E8A2A9718D7D8BDA36C79687A51F6608C

Dear Pierre-Elliott,

Probably I should keep quiet, but it makes me truly sad to see how this conversation regarding my application has derailed into unfounded allegations, so I have to say something.

On 2021-01-09 13:40, Pierre-Elliott Bécue wrote:
Le jeudi 07 janvier 2021 à 16:35:38+0000, Iain Lane a écrit :
I wrote it by myself.

I express sincere doubts: Sebastien wrote the same thing the day before,

No he did not. According to my mail copies as well as the archived MHonArc copies Iain submitted the first endorsement statement. Sebastien submitted his statement a fully hour later, and it was probably Sebastien who used Iain's wording as a template.

with the same formatting, with the same typo in the key fingerprint
chosen for the endorsement.

Iain has corrected the key id typo, and Sebastien probably will do the same soon. If we leave the unfortunate key id mix-up aside, was it really improper by Sebastien to use Iain's wording as a template? Please note that they have very similar histories as regards interacting with me on Ubuntu and Debian matters.

Here, for confirmation, is what you're asking for:

I have known Gunnar for years under the key

   0CFE 997B 7245 80A7 FA72  F8CF F0B1 10E7 5A69 2F32

I'm afraid Gunnar didn't take the habit of signing his mail and side
work, only his uploads of packages on Ubuntu repos.

That's basically true. Coming from Ubuntu, with a slightly different model for building trust compared to Debian, I haven't signed much on the Debian side up to now. My uploads to mentors of proposed Debian uploads were of course signed, but those signatures are not kept if I understand it correctly.

Yesterday I sent a private mail to Mattia Rizzolo about this same topic. I think that mail would fit well as additional input in this conversation, but I can't make it public without asking Mattia first.

We'll have to see if Keyring Maintainers would be okay with you > endorsing his new key relying on signed work he did in unbutu with
his older one.

Not sure of their answer.

It's not fun to see my possibilities to become a Debian member being jeopardized by misconceptions and suspicions, so in any case please sort it out and hold the further conversation in a more civil manner.


Gunnar Hjalmarsson

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply to: