On Wed, 28 Jul 1999, Jor-el wrote: > Maybe I am being unusually dense here, but what proof did you see > that the [EMAIL PROTECTED] id actually belonged to me? For all you know, it > could be the id used by Bill Gates himself, with my name tagged onto it. > Unless you look up my ISP records, there is no way you can say that the id > does or does not belong to me. This is the same for the Jor-el id too. > Under the circumstances, you should have been able to sign the second one > too. If I had presented a PGP key with the id of "Kenneth Stephen > <[EMAIL PROTECTED]>" (assuming that this is an email id of Bill Gates), > would you have signed my key? According to your argument, there would have > been no reason for you not to. Indeed your whole argument rests on > trusting me to tell the truth that the email id in question is indeed > mine.
You showed me proof of your IDENTITY. Your email address is a way to reach you, and possibly distinguish bobsmith1 from bobsmith2. You yourself have signed your own ID, claiming that that is your email address. All that's important though is that I know the key belongs to you. An email address is just an email address. > If, I become a Debian maintainer, I will indeed provide them with > my real name. But to continue with your analogy, once I am hired by the > company, I can have the sysadmin setup my ids to whatever I want to within > reasonable limits. By the same token, Debian would know what my real name > is, and anyone who wanted to check could do so. What is so sacred about me > using another id which Debian would be able to correlate to me with the > SAME AMOUNT OF ACCURACY AND TRUST that they would have for the other id? > Your argument about them not being able to trust the Jor-el id is based on > the fact that you didnt sign it. My argument is that there is no reason > for you not to sign it, and thus it should also be valid for Debian use. You can get your @debian.org address to be whatever you want. You will still sign your packages with your real name. Adam
