1 |
On Fri, 2019-02-01 at 13:47 +0100, Andreas K. Huettel wrote: |
2 |
> > I don't see anything in glep 76 about requiring verification of the |
3 |
> > signatures. It's my view (as trustee) that assertation by the |
4 |
> > signer |
5 |
> > that 'this is my signature' is sufficient. |
6 |
> |
7 |
> ^ This. |
8 |
> |
9 |
> It's not our business to check IDs, and it's not our business to |
10 |
> stalk people |
11 |
> on google or facebook. |
12 |
> |
13 |
> Now if someone says "Here's my name, and actually it is a fake name", |
14 |
> then |
15 |
> that is a reason to refuse commit rights or patch acceptance, and |
16 |
> probably ask |
17 |
> for some sort of verification when another name is then given. |
18 |
> |
19 |
> (That behaviour is roughly as intelligent as walking up to the |
20 |
> security guy at |
21 |
> the airport and claiming loudly "I have a bomb in my luggage.") |
22 |
> |
23 |
> Apart from that, I dont think we should care. |
24 |
> |
25 |
|
26 |
I agree. |
27 |
|
28 |
I'd like Gentoo to support pseudonyms (for the purposes of privacy) as |
29 |
FSF projects does, and in that case ID/webcam verification with OpenPGP |
30 |
keys being signed by members of trustee makes real sense. (probably |
31 |
that could be off-topic here) |
32 |
|
33 |
|
34 |
Cynede |