Gentoo Archives: gentoo-project

From: Cynede <cynede@g.o>
To: gentoo-project@l.g.o
Subject: Re: [gentoo-project] pre-GLEP: Gentoo OpenPGP web of trust
Date: Fri, 01 Feb 2019 14:17:41
Message-Id: 669c7c1c053bb2845459a22c83d8c8322020aafa.camel@gentoo.org
On Fri, 2019-02-01 at 13:47 +0100, Andreas K. Huettel wrote:
> > I don't see anything in glep 76 about requiring verification of the > > signatures. It's my view (as trustee) that assertation by the > > signer > > that 'this is my signature' is sufficient. > > ^ This. > > It's not our business to check IDs, and it's not our business to > stalk people > on google or facebook. > > Now if someone says "Here's my name, and actually it is a fake name", > then > that is a reason to refuse commit rights or patch acceptance, and > probably ask > for some sort of verification when another name is then given. > > (That behaviour is roughly as intelligent as walking up to the > security guy at > the airport and claiming loudly "I have a bomb in my luggage.") > > Apart from that, I dont think we should care. >
I agree. I'd like Gentoo to support pseudonyms (for the purposes of privacy) as FSF projects does, and in that case ID/webcam verification with OpenPGP keys being signed by members of trustee makes real sense. (probably that could be off-topic here) Cynede

Attachments

File name MIME type
signature.asc application/pgp-signature