Re: Keysigning in times of COVID-19



Hi,

On 06/08/20 19:26, Johannes Schauer wrote:
> What added value does the connection to a government ID give to Debian?

And even if we assumed that it is for some reason useful to link each DD
to a "government-verified" identity[1], what we actually verify
(basically, the names) is very little. Normal practice, at least in the
countries I've experience with, is to collect names, date and place of
birth, current home address, possibly a unique government-given
identification number (or at least the identification number of the
document).

 [1] For example, to consider them legally responsible if they do
something bad, and some user tries to seek damage compensation from
the project.

Having just the name of someone is rather useless. Any person named
"Giovanni Mascellani" can legitimately go to a keysigning party and get
signatures on their key, which is as much linked to me as my actual key
is. So what is the benefit of my key being associated with "Giovanni
Mascellani" if it is not clear which "Giovanni Mascellani" that is?

Not to mention that as far as I know there are already DDs whose key
identity does not correspond to any government-given identity. So we
already acknowledge that we don't really care about what is your "legal"
name. We only care that there are enough people in the community who
consider your key identity a reasonable way to identify you. This
identification principle does not require meeting in person and using
government-issued documents to identify each other (although that
remains a totally legitimate way to go, for those who recognize it).

(also, one can produce PGP signatures stating that they "didn't make any
check of the other person's identity", which as far as I know are
accepted by GPG, and by Debian for verifying DDs, as much as any other
signature; I don't really understand what's the point of such a signature
level, although I emit it interpreting it as "I made a very light check
of the other person's identity")

My two cents, Giovanni.
-- 
Giovanni Mascellani <g.mascellani@gmail.com>
Postdoc researcher - Université Libre de Bruxelles
