
Re: Keysigning in times of COVID-19



Hi Sam,

On Sat, Aug 8, 2020, 11:46 Sam Hartman <hartmans@debian.org> wrote:

> TL;DR: While there may be improvements to be found in a completely
> different approach to identity, let us not let the scope of the
> discussion broaden that far, so we can make progress today.

I respectfully disagree on this point. This conversation started with a question about how to verify identity without in-person interaction. The reason a number of people have seemingly broadened the scope (from my perspective, I clearly don't know people's actual motivations) is because that is the deeper question behind the original query.

> >>>>> "Olek" == Olek Wojnar <olek@debian.org> writes:
>
>     Olek> Thanks to some great tools, it's fairly easy to
>     Olek> verify that they do indeed control the email addresses tied to
>     Olek> their key. That's what I care about at that point in time.

> For me, that's not nearly enough.
> If all you want to do is verify that, at a particular point in time, an
> email address belongs to a key, set up a service to do that.

I was referring to the caff package.

> When I sign a key I am signing a certification that I believe
> 1) the key and
> 2) the real world identity
>
> correspond to the digital identity in the FLOSS community represented by
> the claimed email address.

That is how I have always done it as well but this conversation is making me rethink the *why* of that process.

> I don't want to throw out what we have without a viable suggestion that
> the project can get behind.

Agreed.

> So, let's focus this thread on key signing and how to adapt that because
> it's what we have today and because we're looking for some short-term
> answers.
> If you want to start a different thread proposing to revamp how we think
> about identity, go for it.

Again, I disagree that these are distinct topics. I think they are intrinsically linked.

There have been some good points so far about the value of having a real-world identity connected to your Debian identity for reasons of accountability and liability. There have also been good points about personal privacy. (Dissident Test, anyone?)

I was just recently speaking with a prospective first-time contributor who was very excited about being involved in the project but was not comfortable sharing their real life identity. Do we turn people like that away or welcome their contributions into the project once we have validated their reliability and trustworthiness *in the scope of the Debian Project*? Do we absolutely *have* to have a real life identity connected to someone to sign their key? Or to accept a patch? Or a packaging job? Or permissions as a DM? 

I'm not advocating a position since I'm not 100% sure what the answer should be. But I think that these are important questions to ask ourselves and an important conversation to have. Perhaps this will eventually lead to a GR, or perhaps we'll develop a consensus here. But we absolutely need to be having this conversation and considering all points of view and repercussions.

-Olek
