On Tue, 2005-01-18 at 18:54, Andrej Kacian wrote: > On Tue, 18 Jan 2005 18:51:53 -0500 > Chris Gianelloni <[EMAIL PROTECTED]> wrote: > > > > Another question: Why are keys from new developer are no signed? A minimun > > > of one another dev must have trust him, or not? :-) > > > > Trust him? Yes. Met him and able to prove that he is who he says that > > he is? No. > > Well, I for one am really curious about how will this "web of trust" issue be > solved. Some devs simply can't afford to go to the events where devs usually > meet, be it time constraints, or simply a money issue.
A more interesting question is what is identity. In some sense I have a number of names, here I am "beattie at beattie dash home dot net", at work I am "brian.beattie at somebigcompany dot com" in email and Brian Beattie f2f, at home I'm butt-head and daddy, I have other names in other contexts, which of these is my "real name". I would answer, it depends on the context. If I were a gentoo developer and I had done good work for long enough for people to trust me, do I really matter what the name on my birth certificate was? What the name is in some government database? I do not think so. If an email address can consistantly provide a strong key and good work, then you can say with as much trust as you place in the key that a certain message is from the same source as the source of the good work. I personally don't think showing some person some physical ID makes that trust any stronger, unless you need to trust me in "meat space". Code does not exist in "meat space". -- Brian Beattie LFS12947 | "Honor isn't about making the right choices. [EMAIL PROTECTED] | It's about dealing with the consequences." www.beattie-home.net | -- Midori Koto -- gentoo-dev@gentoo.org mailing list
