[aur-general] GPG Key Signing

Seblu seblu at seblu.net
Thu Dec 1 20:11:57 EST 2011

On Fri, Dec 2, 2011 at 1:23 AM, Xyne <xyne at archlinux.ca> wrote:
> Ionut Biru wrote:
>> why are you so sure that I'll sign it?
> I no longer am, but until you replied I never had any reason to doubt it.
> As for the discussion about my name:
> As stated, there could be many reasons. Perhaps I do not wish to be found by
> someone for whatever reason. Perhaps my name appears in publications and I do
> not wish to have people who read them contact me here. Perhaps I simply enjoy
> anonymity for the sake of anonymity.
> I could easily claim a fake name to make you happy and you would never know the
> difference. The name means absolutely nothing.
> I have been an active member of this community for over 3 years and a TU for
> about 2.5. I have made numerous contributions during that time. I have had
> ample opportunity to be malicious had I so chosen (e.g. when
> powerpill/bauerbill were way up on the package stats).
> You know me through my deeds here. They mean much more than some random name.
> Also, consider this. I am much more civil to people behind an anonymous
> identity than people like Angel are behind their (presumably) real names. That
> in itself should say something about my character.
> As I said to keenerd in a private email, if this is really an issue for some of
> you then start a discussion and call a vote to remove me as a TU. Even if the
> vote passes I may resign if I see many that would like me gone, so you win.
> For what it's worth, I really do like this community and I hope to continue to
> contribute to it. This has never been an issue before and the only reason it
> might be an issue now is because some people confuse trivial knowledge with
> intimacy and trust. Trust should be built on deeds and experience, not how many
> blanks you can fill in on a piece of paper.

Even if it's more plesant to talk to people who don't hide their
identities, I agree with Xyne and Thomas.

The relationships we build together by sharing, packaging, hacking is
a higher level of trust that a real identity or a 5 minutes meeting in
a café.

I'm wondering, reading this thread, why packages signing, which is a
wonderful technical way to be sure that someone who claims doing a
package is really him, become, a way to ask to developer or tu to
prove their _real_ identities.


Sébastien Luttringer

More information about the aur-general mailing list