[aur-general] GPG Key Signing

Peter Lewis plewis at aur.archlinux.org
Thu Dec 1 10:36:31 EST 2011

On Thursday 01 Dec 2011 09:08:39 Thomas Dziedzic wrote:
> I do find it kind of abnormal that a TU does want to retain his real name.

To be fair that are loads of potential reasons why someone wouldn't want their 
actual identity disclosed in a place where discussions are archived on the web 
with timestamps and everything. He could be doing all this in a place where 
free use of the Internet is forbidden, could be on a witness protection 
programme, could be doing it while at work and slacking off and not wanting to 
get caught, could actually be Kim Jong Il in his spare time. Seriously, we 
have no way to judge reasons or not. And this isn't specific to Xyne, or 
anyone else.

My real name is actually Robert Parks.



> There may be legitimate reasons for doing this or not, I don't know.
> But I also have to agree with Thomas on this one.
> I don't think anyone has actually verified that any of the given names
> are real names.
> What's important is that you're verified that you use the key to sign
> your packages in case someone does get compromised or decides to go
> rogue, then we will have a way to easily track which packages should
> become void.

Absolutely. Let's not turn into Google+ over this one...


More information about the aur-general mailing list