On Fri, 2019-02-01 at 13:47 +0100, Andreas K. Huettel wrote:
> > I don't see anything in glep 76 about requiring verification of the
> > signatures.  It's my view (as trustee) that assertation by the
> > signer
> > that 'this is my signature' is sufficient.
> 
> ^ This. 
> 
> It's not our business to check IDs, and it's not our business to
> stalk people 
> on google or facebook.
> 
> Now if someone says "Here's my name, and actually it is a fake name",
> then 
> that is a reason to refuse commit rights or patch acceptance, and
> probably ask 
> for some sort of verification when another name is then given. 
> 
> (That behaviour is roughly as intelligent as walking up to the
> security guy at 
> the airport and claiming loudly "I have a bomb in my luggage.")
> 
> Apart from that, I dont think we should care.
> 

I agree.

I'd like Gentoo to support pseudonyms (for the purposes of privacy) as
FSF projects does, and in that case ID/webcam verification with OpenPGP
keys being signed by members of trustee makes real sense. (probably
that could be off-topic here)


Cynede