[aur-general] GPG Key Signing

Ray Rashif schiv at archlinux.org
Thu Dec 1 15:14:28 EST 2011

On 1 December 2011 23:36, Peter Lewis <plewis at aur.archlinux.org> wrote:

> On Thursday 01 Dec 2011 09:08:39 Thomas Dziedzic wrote:
> > I do find it kind of abnormal that a TU does want to retain his real
> name.
> To be fair that are loads of potential reasons why someone wouldn't want
> their
> actual identity disclosed in a place where discussions are archived on the
> web
> with timestamps and everything. He could be doing all this in a place where
> free use of the Internet is forbidden, could be on a witness protection
> programme, could be doing it while at work and slacking off and not
> wanting to
> get caught, could actually be Kim Jong Il in his spare time. Seriously, we
> have no way to judge reasons or not. And this isn't specific to Xyne, or
> anyone else.
> My real name is actually Robert Parks.
> Perhaps.
> :-p
> > There may be legitimate reasons for doing this or not, I don't know.
> > But I also have to agree with Thomas on this one.
> > I don't think anyone has actually verified that any of the given names
> > are real names.
> > What's important is that you're verified that you use the key to sign
> > your packages in case someone does get compromised or decides to go
> > rogue, then we will have a way to easily track which packages should
> > become void.
> Absolutely. Let's not turn into Google+ over this one...
> Pete.

I am in full agreement with Thomas as well. There are many valid reasons
for not using your real name on the Internet. Genius people hide behind
screen names and yet we benefit from their work. So there is no reason we
should say "you there, you genius kid. what's yo name? no name? get outta
here we don't need yo charity."

But of course I'm not assuming Xyne is a genius, or a kid.


More information about the aur-general mailing list