Gentoo Archives: gentoo-project

From: Rich Freeman <rich0@g.o>
To: gentoo-project@l.g.o
Subject: Re: [gentoo-project] Require OpenPGP signatures from existing devs on new developer applications?
Date: Wed, 04 Jan 2017 21:34:22
Message-Id: CAGfcS_nNPL3DWoqGUzekvr3jBsTGNudVt6zpUrD0XBYWwJ3tKw@mail.gmail.com
In Reply to: Re: [gentoo-project] Require OpenPGP signatures from existing devs on new developer applications? by Kristian Fiskerstrand
1 On Wed, Jan 4, 2017 at 4:27 PM, Kristian Fiskerstrand <k_f@g.o> wrote:
2 > On 01/04/2017 10:17 PM, Michał Górny wrote:
3 >>>> Isn't barrier of entry to Gentoo high enough already? I know many
4 >>>> people refusing to join because they consider quizzes
5 >>>> and the recruitment procedure to be too cumbersome and a waste of time.
6 >>> No, I don't feel that this is conflicting, on some level it comes down
7 >>> to a matter of more than technical skills, in this particular context
8 >>> also establishing trust, both in terms of security and in the long term
9 >>> responsibilities of both having commit access in general and maintaining
10 >>> the packages picked up for maintenance.
11 >> Are you assuming that having a verified proof of identity (well, more
12 >> of the name since I suppose you won't be recording all his data) of
13 >> a developer would prevent him from abusing his account?
14 >
15 > I would certainly consider it less likely
16 >
17
18 I would tend to agree. Your real-world identity is tied to your
19 ability to earn a living, so you have an incentive to protect its
20 reputation.
21
22 And, in the event of abuse having to forge a government ID would be a
23 considerable barrier to re-applying, and it would likely increase the
24 stakes if you're caught doing it (since real-world governments tend to
25 look unkindly on the forgery of such things).
26
27 I don't question the usefulness of verifying identity, just the practicality.
28
29 --
30 Rich

Replies