Manoj Srivastava <[EMAIL PROTECTED]> writes: >> What would you suggest instead? > > Stop signing keys for Debian developers, since purchased ID's > are acceptable in this community? ;) At this point, I am not sure what > my stance is going to be.
What do you think we get by having the signed ID? What advantages accrue to Debian by having this check that someone's real name is what we think it is? I think it's a good thing, I agree with our practice, but I'm not sure what vast security hole is suddenly opened up here. If we found out that the person who has been a faithful and valuable developer, under the name "Martin Krafft" is not the real Martin Krafft, what should we do? Go find the real Martin Krafft and make him a developer? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]