On Sat Jun 20 10:19, David Paleino wrote: > > Also, going back to the note about reputation; There's no reason > > reputation can't be associated with a pseudonym or with a GPG key > > attached to a pseudonym. > > How do you sign such a key? You'd break the web of trust, if you don't check > at > least one government-issued document having a photo. And I can't make people > associate my GPG key uid "hanska" with my document saying "David Paleino" -- > even if they know that *I* am hanska (IRC, website, [..]). > > And having a key not signed by anyone seems rather useless :) (/me remembers > his problems getting a GPG signature...)
Why would I sign the key, I don't sign the keys of people I sponsor. I'm not saying that I've checked the key belongs to the person it claims to, just that it's probably the same person each time and therefore reputation can build up around it. In the same way that reputation builds up around the people who post under their real name in Debian forums, but aren't DDs and haven't gone through ID check. > > Anyway, I have no idea whether my sponsorees who I have never met and > > haven't > > gone through ID check are using their real names. If I don't care about > > that, > > why should I care about someone who is using a pseudonym that doesn't look > > like a real name. > > That's the point, "haven't gone through ID check". He could well maintain his > package in Debian, just because he's not responsible for the upload. Yeah, that was my point (-: If he's happy to be sponsored all the time, he can be maintainer or upstream. Matt -- Matthew Johnson
signature.asc
Description: Digital signature
