On Tue, Sep 17, 2002 at 04:54:24PM +0200, Bas Zoetekouw wrote: > Hi Arvid! > > You wrote:
[ snip ] > > What is so bad about a signed > > and scanned ID? > > It's less secure. An ID is easily faked using gimp. Ah, yes. Because Debian Developers are automatically familiar with all of the ID formats one might reasonably present, and know how to check for forgery of them. Give me a good color printer (sub-dye would be best, it's what the local DMV uses, but is not required), a pocket laminator, and enough money to make it worth my time, and I'll bet I can fool 85% of DDs into accepting the ID as valid, in person, when it does not bear accurate information. Or do you expect every one of them to know what the various government IDs look like, in what timeframe each one converted to using various anti-forgery techniques, what those *are* for each state, and cover that for every plausible state of identification for a given person? (Which, barring in-depth knowledge of them, could often be over 100 plausible identifying entities; 50 of them in the US alone). It may be more secure, but only by the most marginal of degrees. It is highly insufficient for preventing any form of determined attack (that is, someone who WANTS "root on every Debian user's box"; the equipment named above wouldn't cost more than $1000, today, probably much less), and it isn't much more of a deterrent to cluelessness than requiring a photo ID. Certainly, it is still prefferable to have the bar higher when reasonable, but be realistic about the difference. It isn't that much of one, and there is really very little call for making it an extreme bias which requires "being at the other end of a continent from the nearest DD". Having made a reasonable effort to get in touch with a local DD should suffice. (For the record, yes, my proof of identity is a scanned ID; any developer who is in or will be travelling to the Denver metro area is both welcomed and encouraged to do a signature exchange. If you consider photo ID to be insufficient after the above commentary, I'd be happy to provide other supporting evidence, as well, but only in person.) -- *************************************************************************** Joel Baker System Administrator - lightbearer.com [EMAIL PROTECTED] http://users.lightbearer.com/lucifer/
