On Fri, Jul 03, 2009 at 06:00:11PM -0700, Steve Langasek wrote:
> On Fri, Jul 03, 2009 at 08:52:14PM +0200, Wouter Verhelst wrote:
> > Even if this were true (which I doubt), I'm quite certain that whether
> > or not you use your real name on a piece of software has any relevance
> > whatsoever as
On Fri, Jul 03, 2009 at 08:52:14PM +0200, Wouter Verhelst wrote:
> Even if this were true (which I doubt), I'm quite certain that whether
> or not you use your real name on a piece of software has any relevance
> whatsoever as to whether you're accountable and/or can be sued for what
> you did with
On Thu, Jun 25, 2009 at 11:24:29AM -0700, Russ Allbery wrote:
> Giacomo Catenazzi writes:
> > A naive question: why does not FSF check identity of contributors?
> > They must sign a copyright assignment (or disclaimer), send this
> > document to FSF, but I see no identity check on FSF side.
> >
>
Russ Allbery wrote:
> martin f krafft writes:
>> also sprach Steve Langasek [2009.06.25.0703 +0200]:
>
>>> The government IDs are relevant because when we're collaborating on
>>> an OS where there's minimal code review of the work done by
>>> maintainers and a well-chosen malicious package could
Giacomo Catenazzi writes:
> A naive question: why does not FSF check identity of contributors?
> They must sign a copyright assignment (or disclaimer), send this
> document to FSF, but I see no identity check on FSF side.
>
> They do this for legal reasons!
>
> For FSF copyright assignment is mor
martin f krafft writes:
> also sprach Steve Langasek [2009.06.25.0703 +0200]:
>> The government IDs are relevant because when we're collaborating on
>> an OS where there's minimal code review of the work done by
>> maintainers and a well-chosen malicious package could cause millions
>> or billio
* martin f krafft [2009-06-25 04:21-0400]:
> > The government IDs are relevant because when we're collaborating
> > on an OS where there's minimal code review of the work done by
> > maintainers and a well-chosen malicious package could cause
> > millions or billions of dollars in damage to our us
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
martin f krafft wrote:
>> The government IDs are relevant because when we're collaborating
>> on an OS where there's minimal code review of the work done by
>> maintainers and a well-chosen malicious package could cause
>> millions or billions of dolla
Giacomo A. Catenazzi wrote:
> Very strange logic. BTW AFAIK justice doesn't identify people
> because of ID documents.
It certainly does. Just imagine what will happen if you make yourself
wanted by the authorities and then show your (valid) documents to some
police officers. In case you don't ha
also sprach Steve Langasek [2009.06.25.0703 +0200]:
> > You are putting *way* too much weight and importance into the
> > government-issued document, and basically none into the identity of
> > the holder. Seriously: we're supposed to be certifying identities,
> > not the authenticity of a governm
Steve Langasek wrote:
On Wed, Jun 17, 2009 at 01:49:55PM +0200, martin f krafft wrote:
This would also eliminate people that have fake ID from places
that most people wouldn't recognise at all -- we're almost bound
to have a local that will recognise it as fake, and so not sign.
By adding the d
On Wed, Jun 17, 2009 at 01:49:55PM +0200, martin f krafft wrote:
> > This would also eliminate people that have fake ID from places
> > that most people wouldn't recognise at all -- we're almost bound
> > to have a local that will recognise it as fake, and so not sign.
> > By adding the denounceme
On Tue, Jun 23 2009, Giacomo A. Catenazzi wrote:
> Manoj Srivastava wrote:
>> On Tue, Jun 23 2009, Giacomo A. Catenazzi wrote:
>
>>> I think you miss an important item: people with the same name. In my
>>> small town, I know a lot of people with same name (first and surname).
>>> In linux communi
Manoj Srivastava wrote:
On Tue, Jun 23 2009, Giacomo A. Catenazzi wrote:
I think you miss an important item: people with the same name. In my
small town, I know a lot of people with same name (first and surname).
In linux community we have three different Alax Cox.
Right. But you ne
On Tue, Jun 23 2009, Giacomo A. Catenazzi wrote:
> Manoj Srivastava wrote:
> (...)
>> Now really, we want to tie the key to a person -- even if they
>> resleeve (a. la. Altered Carbon, [0]). Thankfully, releeving is not
>> (yet) possible, so we don't have to deal with that. All we have t
also sprach Johannes Wiedersich
[2009.06.23.1117 +0200]:
> The fact that different governments may have different levels of
> security/reliablity attached to their documents does not render the
> process arbitrary. Sticking to government IDs is a simple *rule*,
> sticking to some more or less vag
martin f krafft wrote:
> also sprach Russ Allbery [2009.06.23.0158 +0200]:
>> Meeting in person and exchanging government ID or something that
>> looks good enough to fool people is a compromise position, but
>> I do think there's a general feeling that it's close to a sweet
>> spot in that tradeo
Manoj Srivastava wrote:
(...)
Now really, we want to tie the key to a person -- even if they
resleeve (a. la. Altered Carbon, [0]). Thankfully, releeving is not
(yet) possible, so we don't have to deal with that. All we have to do
is to tie a key to a real live person, and do it in a f
also sprach Manoj Srivastava [2009.06.23.0325 +0200]:
> Now, Madduck wants us to say that there is no need for this
> broader identity verification mechanism, that oe should just trust
> him, and there shall be a means of smiting evil doers just the
> same -- but after debconf 6 --- his track reco
also sprach Russ Allbery [2009.06.23.0158 +0200]:
> > However, if you want to tie that key owner to a real person, to
> > somehow (my speculation) bring down the wrath on the community
> > on someone who does something nasty or subverts the DMUP or
> > causes the FSM to weep, well, you need the m
Manoj Srivastava writes:
> On Mon, Jun 22 2009, Russ Allbery wrote:
>> Going back to the previous discussion in debian-devel about signing a
>> key for which the only IDs are pseudonyms, I personally would do
>> that, but only if I knew the person personally and knew they were the
>> person who u
On Mon, Jun 22 2009, Russ Allbery wrote:
> Manoj Srivastava writes:
>> So while signing keys is not about governments, as Russ said, it
>> is about establishing identity, and government issued identity
>> documents are better proxies for establishing that than I can be
>> bothered to
On Mon, Jun 22 2009, martin f krafft wrote:
> Does it matter whether I have a passport that carries my name, or
> whether the name on my key, with which I consistently identify
> myself in Debian, is actually my own name? Why would anyone care?
This is getting silly enough that we probabl
Manoj Srivastava writes:
> However, if you want to tie that key owner to a real person, to
> somehow (my speculation) bring down the wrath on the community on
> someone who does something nasty or subverts the DMUP or causes the FSM
> to weep, well, you need the meet and greet and key
24 matches
Mail list logo