On 7/26/24 12:34 AM, David C. Rankin wrote:
On 7/24/24 3:57 PM, Jayesh Badwaik wrote:
Dear Quentin,
I wish you luck for your application. I'm just a Arch user with no background in security and I'm not really qualified to judge the application. So, this is a question rather than anything else. Your username is quite kind of obfuscated. My naive intuition tells me that this is bad security practice because it would be quite expensive and error-prone to verify if a user I've received a mail from is indeed you or someone who's username is slightly different from you. Is my intuition right or wrong? If wrong, why is it wrong?
Thank you.
Very good point,
Let's make sure it isn't an alias for Jia Tan...
Quentin actually uses the "mh4ckwascut" nickname on Arch side for most (e.g. on the AUR [1]), which I think is reasonably easy to process for people. Also, once again, a nickname/alias has never been a relevant proof of authenticity/identification contrary to other means meant for that, for instance GPG signing (which we require when submitting an application). The (nick)name I sign my mails with should not be what people should look for to prove my identity and could theoretically be changed at each messages without altering the authenticity of my GPG signature. Such an obfuscated nickname can indeed potentially be the source of technical complications for specific stuff but proving the authenticity of a mail is not one of them. Let's please stop with that *not so* "very good point" and focus on Quentin's application as a whole :) [1] https://aur.archlinux.org/account/mh4ckwascut -- Regards, Robin Candau / Antiz