| 1 |
On Fri, Mar 25, 2011 at 3:50 PM, Andreas K. Huettel wrote: |
| 2 |
>> > * The key must have an userid that refers to an official Gentoo e-mail |
| 3 |
>> > address. E.g. dilfridge@g.o |
| 4 |
>> |
| 5 |
>> no. there's no reason for this requirement, and it prevents proxy |
| 6 |
>> maintenance long term. e-mail addresses do not verify identity, |
| 7 |
>> verifying identify verifies identity. this is the point of the web of |
| 8 |
>> trust. |
| 9 |
> |
| 10 |
> So what sort of identity do you want to verify? Seriously, at the moment when I got my commit bit, noone from Gentoo had ever met me in person, and for sure noone had ever had a look at my passport or any similar legal document. The only established connection was my preexisting gpg key, which was then coupled to my gentoo account. |
| 11 |
|
| 12 |
and no where do we require you to generate a gpg key bound to the |
| 13 |
Gentoo e-mail address. we require you to provide a gpg key only. |
| 14 |
like you said *right here*, we have 0 information to identify you, and |
| 15 |
using a Gentoo e-mail address adds *nothing* to that. so why add a |
| 16 |
completely useless requirement ? |
| 17 |
|
| 18 |
> As for proxy maintenance, isn't the whole point of that that the proxied maintainers are not devs and do not have (commit access | a gentoo.org user id)? I do not understand how this would prevent proxy maintenance. |
| 19 |
|
| 20 |
uhh, you already pointed out how -- git. if i pull updates from a |
| 21 |
proxy maintainer, it's going to have his signing. |
| 22 |
-mike |
Archives