[aur-general] GPG Key Signing

Thomas Bächler thomas at archlinux.org
Thu Dec 1 09:21:46 EST 2011


Am 01.12.2011 12:19, schrieb Xyne:
> I'm in the process of getting my key signed (Pierre has signed, Thomas and
> Ionut should sign soon, not sure if Dan will sign due to not knowing my real
> name).

Dan's way isn't just about knowing the realname. He wants to verify that
the name is correct.

I can't believe that we are having the identity verification discussion
again, but here is what I believe: You have been elected TU (or
Developer) and thus I trust your key. Knowing (or not knowing) your real
name doesn't change anything. In fact, I did not verify names for anyone.

What's important to me: If I find out that you release packages that are
harmful in any way, I can revoke my signature and block your packages
from being installed. Knowing your real name does not make that easier,
or prevent you from doing harmful things in the first place.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/aur-general/attachments/20111201/77eef213/attachment-0001.asc>


More information about the aur-general mailing list