Re: Why are in-person meetings required for the debian keyring?

To: debian-project@lists.debian.org
Subject: Re: Why are in-person meetings required for the debian keyring?
From: Vincent Bernat <bernat@debian.org>
Date: Wed, 11 Feb 2015 22:03:17 +0100
Message-id: <[🔎] 874mqs2may.fsf@zoro.exoscale.ch>
Mail-followup-to: debian-project@lists.debian.org
In-reply-to: <[🔎] 87r3twgsvb.fsf@thinkpad.rath.org> (Nikolaus Rath's message of "Wed, 11 Feb 2015 11:17:44 -0800")
References: <[🔎] 87r3twgsvb.fsf@thinkpad.rath.org>

 ❦ 11 février 2015 11:17 -0800, Nikolaus Rath <Nikolaus@rath.org> :

> However, it seems to me that meeting someone in person isn't actually
> verifying the relevant identity here. My trust in a Debian developer is
> not based on him holding a particular legal name, it is in his history
> of contributions. In other words: just because I'm sure about someone's
> legal name, I wouldn't trust him to run code on my computer. But if
> someone has been contributing to Debian for 5 years with a specific GPG
> key, I'd probably trust him to prepare a package no matter if the name
> associated with the GPG key actually corresponds to some legal identity
> or not.

Some contributors are in the keyring under a pseudonym because of
valuable past contributions. See:
 https://lists.debian.org/debian-newmaint/2009/07/msg00044.html
-- 
Modularise.  Use subroutines.
            - The Elements of Programming Style (Kernighan & Plauger)

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- Why are in-person meetings required for the debian keyring?
  - From: Nikolaus Rath <Nikolaus@rath.org>

Prev by Date: Re: Why are in-person meetings required for the debian keyring?
Next by Date: Re: Why are in-person meetings required for the debian keyring?
Previous by thread: Re: Why are in-person meetings required for the debian keyring?
Next by thread: Re: Why are in-person meetings required for the debian keyring?
Index(es):
- Date
- Thread