❦ 11 février 2015 11:17 -0800, Nikolaus Rath <[email protected]> :
> However, it seems to me that meeting someone in person isn't actually > verifying the relevant identity here. My trust in a Debian developer is > not based on him holding a particular legal name, it is in his history > of contributions. In other words: just because I'm sure about someone's > legal name, I wouldn't trust him to run code on my computer. But if > someone has been contributing to Debian for 5 years with a specific GPG > key, I'd probably trust him to prepare a package no matter if the name > associated with the GPG key actually corresponds to some legal identity > or not. Some contributors are in the keyring under a pseudonym because of valuable past contributions. See: https://lists.debian.org/debian-newmaint/2009/07/msg00044.html -- Modularise. Use subroutines. - The Elements of Programming Style (Kernighan & Plauger)
signature.asc
Description: PGP signature
