On 2022-11-14 13:44 +, Dániel Fancsali wrote:
>Hello,
>I was just wondering the other day, what is and isn't acceptable as the
>"user id" of my package signing key?
>What if I have a separate online persona as a tech blogger, and I'd like
>attach the packages I create to that brand?
>Would the mentors project accept that? Would the debian mainstream accept
>that, if I make it so far that I got to be part of the Debian project?
>Is there any official policy/documentation/best-practices-list for this
>situation?
My understanding of policy is that what we really care about is that
the GPG key securely attests to a particular identity. We prefer that
to be somone's 'actual/real/offical' identity, but it can be another
identity if it is consistently used. I believe we do have a few DD's
that do not use their 'official/conventional' name within debian.
I'm not sure what people would think of using a 'brand' identity, but
it might be OK if that is how someone normally/consistently presents
themselves within debian.
This is just my personal understanding. I'm fairly sure there is some
actual policy written down somewhere, probably in the 'DD/DM
application process' info.
Wookey
--
Principal hats: Debian, Wookware, ARM
http://wookware.org/
signature.asc
Description: PGP signature