1 |
On Fri, Mar 25, 2011 at 3:50 PM, Andreas K. Huettel wrote: |
2 |
>> > * The key must have an userid that refers to an official Gentoo e-mail |
3 |
>> > address. E.g. dilfridge@g.o |
4 |
>> |
5 |
>> no. there's no reason for this requirement, and it prevents proxy |
6 |
>> maintenance long term. e-mail addresses do not verify identity, |
7 |
>> verifying identify verifies identity. this is the point of the web of |
8 |
>> trust. |
9 |
> |
10 |
> So what sort of identity do you want to verify? Seriously, at the moment when I got my commit bit, noone from Gentoo had ever met me in person, and for sure noone had ever had a look at my passport or any similar legal document. The only established connection was my preexisting gpg key, which was then coupled to my gentoo account. |
11 |
|
12 |
and no where do we require you to generate a gpg key bound to the |
13 |
Gentoo e-mail address. we require you to provide a gpg key only. |
14 |
like you said *right here*, we have 0 information to identify you, and |
15 |
using a Gentoo e-mail address adds *nothing* to that. so why add a |
16 |
completely useless requirement ? |
17 |
|
18 |
> As for proxy maintenance, isn't the whole point of that that the proxied maintainers are not devs and do not have (commit access | a gentoo.org user id)? I do not understand how this would prevent proxy maintenance. |
19 |
|
20 |
uhh, you already pointed out how -- git. if i pull updates from a |
21 |
proxy maintainer, it's going to have his signing. |
22 |
-mike |