On Fri, Apr 27, 2012 at 3:54 AM, speps <[email protected]> wrote: > On Fri, 27 Apr 2012 00:46:03 +0200 > Gaetan Bisson <[email protected]> wrote: > >> [2012-04-26 21:26:19 +0200] speps: >> > So, from the beginning of my Internet experience, I never referenced to >> > myself through my real name/life, but using a nickname, a digital identity. >> >> Also, your IP address is in the headers. > > Not a problem :) > >> Anyhow, there is no anonymity debate: different master key holders >> verify different aspects of who you claim to be, and that is all there >> is to it. For instance, they may verify your email address by asking you >> to reply to encrypted messages, or verify your website by asking you to >> upload your public key there. Verifying your identity is another element >> that builds up confidence and reputation, even when it is not directly >> related to your packaging activities. The point being that we get a >> notion of trust a little stronger than "I never saw bad packages coming >> that way." > > Hi and thanks for sharing your opinions on the topic. > If I didn't get it wrong, this means real name is not mandatory, but an > additional > point that may enforce trust for someone while it confirms relevant > informations. > >> Speaking of email addresses, could you show us that you own >> [email protected] since it is what you used on the AUR? > > Here I am > >> > As you can see I sign mails with my GPG Key >> >> Could you publish that key somewhere? > > Sure, it is already published on the pgp.mit.edu key server > http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0xCF7037A4F27FB7DA > > GPG-Key: 0xF27FB7DA > Key fingerprint: 8840 BD07 FC24 CB7C E394 A07C CF70 37A4 F27F B7DA > >> Cheers. > > Regards > > > - speps -
It's odd that with more than 600 packages on AUR I don't use a single one of them but that's not an issue of course :P and their quality is good. I never had a problem revealing my real-life identity on the internet but I also don't think that it actually changes anything since, as everyone else already pointed out, I think GPG identities are already providing the necessary security requirements for Arch. Even if I met speps in the flesh, it's not like I would trust him any more than I do now just because he has a face.
