Gentoo Archives: gentoo-project

From: Chris Reffett <creffett@g.o>
To: gentoo-project@l.g.o
Subject: Re: [gentoo-project] pre-GLEP: Gentoo OpenPGP web of trust
Date: Fri, 01 Feb 2019 00:42:18
Message-Id: c82828ce-9b23-1edf-89ca-84eeef5437c8@gentoo.org
In Reply to: [gentoo-project] pre-GLEP: Gentoo OpenPGP web of trust by "Michał Górny"
1 On 1/31/2019 8:56 AM, Michał Górny wrote:
2 >
3 > 3. Before signing a user identifier, make sure to:
4 >
5 > b. Verify the person's real name (at least for the user identifier
6 > used for copyright purposes). This is usually done through
7 > verifying an identification document with photograph. It is
8 > a good idea to ask for the document type earlier, and read on
9 > forgery protections used.
10 >
11 > In some cases, alternate methods of verifying the identity may be
12 > used if they provide equivalent or better level of reliability.
13 > This can include e.g. use of national online identification
14 > systems or bank transfers.
15 >
16
17 I concur with the other comments people have made about this being an
18 unnecessarily restrictive burden, but let me pose a more philosophical
19 question: _why should proving my real name matter_? It's irrelevant that
20 I can prove my real name is in fact Chris Reffett, what's more important
21 is that there is somebody claiming the identity "creffett" whom people
22 (theoretically) trust as a developer. If I can't prove that that's my
23 real name, does that actually make a difference as to my trustworthiness
24 as a dev? It's the online "persona," if you will, that people trust, and
25 I don't see how verifying my name changes that. Now if I were trying to
26 use my PGP key as proof of my real-world identity, sure, it's a
27 reasonable concern, but I expect that if I'm involved in something like
28 that I would have to supply a scan of an identity document anyway.
29
30 And since I know someone will bring it up: yes, that is in fact my real
31 name. I'm just making a point.
32
33 -creffett

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies

Subject Author
Re: [gentoo-project] pre-GLEP: Gentoo OpenPGP web of trust Kristian Fiskerstrand <k_f@g.o>