| 1 |
On Fri, 2019-02-01 at 13:47 +0100, Andreas K. Huettel wrote: |
| 2 |
> > I don't see anything in glep 76 about requiring verification of the |
| 3 |
> > signatures. It's my view (as trustee) that assertation by the |
| 4 |
> > signer |
| 5 |
> > that 'this is my signature' is sufficient. |
| 6 |
> |
| 7 |
> ^ This. |
| 8 |
> |
| 9 |
> It's not our business to check IDs, and it's not our business to |
| 10 |
> stalk people |
| 11 |
> on google or facebook. |
| 12 |
> |
| 13 |
> Now if someone says "Here's my name, and actually it is a fake name", |
| 14 |
> then |
| 15 |
> that is a reason to refuse commit rights or patch acceptance, and |
| 16 |
> probably ask |
| 17 |
> for some sort of verification when another name is then given. |
| 18 |
> |
| 19 |
> (That behaviour is roughly as intelligent as walking up to the |
| 20 |
> security guy at |
| 21 |
> the airport and claiming loudly "I have a bomb in my luggage.") |
| 22 |
> |
| 23 |
> Apart from that, I dont think we should care. |
| 24 |
> |
| 25 |
|
| 26 |
I agree. |
| 27 |
|
| 28 |
I'd like Gentoo to support pseudonyms (for the purposes of privacy) as |
| 29 |
FSF projects does, and in that case ID/webcam verification with OpenPGP |
| 30 |
keys being signed by members of trustee makes real sense. (probably |
| 31 |
that could be off-topic here) |
| 32 |
|
| 33 |
|
| 34 |
Cynede |
Archives