[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)

I strongly disagree with the interpretation being made here.

Every applicant must provide an image file of a photograph of themselves,
most desired is a passport or a photo ID, signed with their GPG key, in
order to identify themselves to the group. This image is archived by the
DAM as the record of the "eyeball" portion of the identification.

If the key is already signed by a current Debian member, no further
identification is necessary. Otherwise the more complex "handshake" clause
is executed.

Having a key that is signed by a Debian member, doesnot constitute
"eyeball" contact, as many members have admitted that, although they
certainly looked at ID during the keysigning, they are not certain that
they can still identify the person by face.

Having the assurance that the keyholder is the applicant (this comes from
the signature on their key) coupled with the signed image provided by the
applicant closes the eye/hand loop. Neither is sufficient without the

I would also ask: Do we want to accept people as members who are unwilling
to show us their face?

Obvoiusly I don't think so ;-)


On 31 Jul 2000, Taketoshi Sano wrote:

> Hi.
> Since the new list debian-newmaint-discuss was created (Thanks list-admins!)
> I think this topic should be moved on to there.  For members in the NM team
> who has not subscribed the new list, I sent the copy of this mail to the old
> nm-admin list.
> In <[🔎] 20000731005548.A12428@ftoomsh.progsoc.uts.edu.au>,
>   on Mon, 31 Jul 2000 00:55:48 +1000,
>  Anand Kumria <wildfire@progsoc.uts.edu.au> wrote:
> > On Sun, Jul 30, 2000 at 02:22:09PM +0200, Wichert Akkerman wrote:
> > > Previously Anand Kumria wrote:
> > > > Applicants whose keys are signed by existing developers must still
> > > > submit a photographic ID of themselves.
> > > 
> > > This is not true as far as I know.
> > 
> > Well two developers have already pointed out otherwise; plus this:
> > 
> > <URL: http://www.debian.org/devel/join/nm-step2>
> > 
> > It talks about an "eyeball" and "handshake" portion (whatever they are)
> > 
> > To satisfy the "handshake" portion you are supposed to provide a key
> > and an image signed with that key.
> Yes.  I wrote it there since I have thought that it is required.  
> If this is not true anymore, then I will happily rewrite it.  
> Can I do that ?
> > To satisfy the "eyeball" portion one means is to have your key signed by
> > another developer. This is, as far as know, how all the AMs have read and 
> > interupreted this.  In fact I don't recall anyone using clauses 2 or 3
> > to close the "eyeball" loop.
> There was a "test case" done by Julian Gilbey for his applicant,
> where the applicant does not have the key signed by Debian member
> initially. But the applicant eventually got the signature on his 
> key, so it can be classified as one of cases which used clause 1.
> > I think the identification step should be in two halves:
> > 
> > - An applicant must have a public key.
> > 
> > 1. The key must be acceptable to GNU Privacy Guard (GnuPG) without
> > additional (non-free) modules
> > 2. The key must be self-signed
> > 
> > If an applicants key is already signed by an existing Debian Developer, the
> > identification step is deemed complete. Continue with Step 3 and exit Step 2.
> > 
> > - An applicant should provide another means of identifying themselves
> > 
> > This applies if the applicants key is not already signed by an existing
> > Debian Developer. Some possible means are:
> > 
> > 1. A signed image of themselves
> > 2. A reference by someone known to both the applicant and the AM (e.g. Linus)
> > 3. (potentially) A well known signatory on their public key (e.g. RMS)
> > 4. Some other means acceptable to both the applicant and the AM.
> > 
> > I list 3 as a potential as this possibility does not currently exist
> > in closing the "eyeball" section.
> For the record, I won't object this proposal (in fact, I prefer this).
> I know the decision is not under my control at all, of course.
> -- 
>   Taketoshi Sano: <sano@debian.org>,<sano@debian.or.jp>,<kgh12351@nifty.ne.jp>
> _______________________________________________
> nm-admin mailing list  -  nm-admin@cipsa.physik.uni-freiburg.de
> http://cipsa.physik.uni-freiburg.de/mailman/listinfo/nm-admin

_-_-_-_-_-   Author of "The Debian Linux User's Guide"  _-_-_-_-_-_-

aka   Dale Scheetz                   Phone:   1 (850) 656-9769
      Flexible Software              11000 McCrackin Road
      e-mail:  dwarf@polaris.net     Tallahassee, FL  32308

_-_-_-_-_-_- See www.linuxpress.com for more details  _-_-_-_-_-_-_-

Reply to: