Gentoo Archives: gentoo-project

From: Yury German <blueknight@g.o>
To: gentoo-project@l.g.o
Subject: Re: [gentoo-project] Require OpenPGP signatures from existing devs on new developer applications?
Date: Thu, 05 Jan 2017 22:39:54
Message-Id: B10A85F6-50D5-417C-BFCA-27C17CAC903A@gentoo.org
In Reply to: Re: [gentoo-project] Require OpenPGP signatures from existing devs on new developer applications? by Raymond Jennings
So saying in on original discussion.

Having gone through the recruitment process there was nothing that told Gentoo who I was other than the application. I could have put down something like Bugs L. Bunny and as long as I would reply to my Email address for Bugs Bunny and passed the tests, and answered to the name of Bugs I would have been a Gentoo developer (Do not get stuck on the name, using it as example).

I think that we need Authentication of who the people are. Personal opinion but a scan or a picture of a legal document (Passport / Driving License / Birth Certificate) with the official numbers blanked out should be part of the recruitment process. If that is the case the recruiter then has verification of who the person is. That document should not be stored anywhere, but in the ticket should be noted as verified.

Getting on to GPG now… if that is the case and the identity is verified then a quick video chat for 5 seconds using any media would be enough for the recruiter to establish a web of trust. Then the recruiter as part of filing for access would also sign the GPG key and that would establish the web of trust. Now how much you trust someone via GPG is your choice. For example those that I met in person hold higher trust rating than those I did not.

Now I know people said about time and constraints, travel, etc. Scanning your License, School ID (for students), etc. is not a big deal. As long as it contains a picture, is issued by some authority and contains a name, should be enough for us to provide the trust in that person besides their skills.

________________
Yury German
Gentoo Security Team | Planet Gentoo
Email: blueknight@g.o

GPG Fingerprint: 8858 89D6 C0C4 75C4 D0DD FA00 EEAF ED89 024C 043
