On Thu, Aug 13, 2020 at 02:59:59AM +0200, Ángel wrote: > as there would be an external motivation to do that which is financing > such activity. Please note that by 'company' I am not meaning just > business entities, but also three letter agencies, nation states, > malicious hacker groups, mafia... > Even ignoring the (likely) ability of such groups to get a passport > under a name different than the one given at birth to an individual, > it seems they would have little trouble to produce a new identity to > present to Debian. I assume they would probably only have a few people > on payroll with the required expertise tasked to infiltrate into the > project, *however* it would be very easy to let them assume online the > identity of any other employee (such as a non-technical receptionist), > which would be plenty if compared to the number of "ghosthacker > developers".
I don't get where people get the feeling that producing a passport would require a TLA/nation state/organized crime/etc. You can get one for peanuts. I've been offered one once, and I inquired about the details -- for just ~$25 (100PLN) the guy claimed it's done on original booklet, etc. That's stuff for fooling actual government officials. No need to sacrifice that whole $25 to get a fake for Debian purposes, though -- no one among us can tell apart one booklet/card with a badly-made photo from another. Waving a passport or similar id offers laughable security. Meow. -- ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ ⢿⡄⠘⠷⠚⠋⠀ It's time to migrate your Imaginary Protocol from version 4i to 6i. ⠈⠳⣄⠀⠀⠀⠀
