Gentoo Archives: gentoo-project

From: "Andreas K. Huettel" <dilfridge@g.o>
To: gentoo-project@l.g.o
Cc: Matthew Thode <prometheanfire@g.o>
Subject: Re: [gentoo-project] pre-GLEP: Gentoo OpenPGP web of trust
Date: Fri, 01 Feb 2019 12:47:15
Message-Id: 3018116.TxlsP8b7va@porto
In Reply to: Re: [gentoo-project] pre-GLEP: Gentoo OpenPGP web of trust by Matthew Thode
> > I don't see anything in glep 76 about requiring verification of the > signatures. It's my view (as trustee) that assertation by the signer > that 'this is my signature' is sufficient.
^ This. It's not our business to check IDs, and it's not our business to stalk people on google or facebook. Now if someone says "Here's my name, and actually it is a fake name", then that is a reason to refuse commit rights or patch acceptance, and probably ask for some sort of verification when another name is then given. (That behaviour is roughly as intelligent as walking up to the security guy at the airport and claiming loudly "I have a bomb in my luggage.") Apart from that, I dont think we should care. -- Andreas K. Hüttel dilfridge@g.o Gentoo Linux developer (council, toolchain, base-system, perl, libreoffice)


File name MIME type
signature.asc application/pgp-signature