Gentoo Archives: gentoo-project

From: Rich Freeman <rich0@g.o>
To: gentoo-project <gentoo-project@l.g.o>
Subject: Re: [gentoo-project] pre-GLEP: Gentoo OpenPGP web of trust
Date: Fri, 01 Feb 2019 01:56:43
Message-Id: CAGfcS_=CR0=A9L0e4pdhgEf8ADp5e2VTFBaqHkskcp0YT0KUBA@mail.gmail.com
In Reply to: Re: [gentoo-project] pre-GLEP: Gentoo OpenPGP web of trust by Chris Reffett
On Thu, Jan 31, 2019 at 7:55 PM Chris Reffett <creffett@g.o> wrote:
> > On 1/31/2019 7:42 PM, Kristian Fiskerstrand wrote: > > On 2/1/19 1:41 AM, Chris Reffett wrote: > >> but let me pose a more philosophical > >> question: _why should proving my real name matter_? > > > > It matters in the context of copyright law. > > > > That said, though, I'm talking about the GPG key itself here, not my > commits, and I think that verification of real identity through WoT is > an unreasonably high bar for claiming copyright.
++ I think there are a lot of good reasons to require real names. However, making that our policy and upholding it when we have cause to think a name is false doesn't require us to rigorously check IDs. Maybe for officers listed on filings for the Foundation it is more of a concern. IMO Gentoo developers should simply be asked to provide their real name, and to confirm that they are legally adults. I don't think we're doing anything that necessitates a higher level of due diligence than that unless somebody actually brings a potential specific concern to our attention. -- Rich

Replies

Subject Author
Re: [gentoo-project] pre-GLEP: Gentoo OpenPGP web of trust "Andreas K. Huettel" <dilfridge@g.o>