[aur-general] TU application - speps

Massimiliano Torromeo massimiliano.torromeo at gmail.com
Fri Apr 27 03:34:01 EDT 2012

On Fri, Apr 27, 2012 at 3:54 AM, speps <dreamspepser at yahoo.it> wrote:
> On Fri, 27 Apr 2012 00:46:03 +0200
> Gaetan Bisson <bisson at archlinux.org> wrote:
>> [2012-04-26 21:26:19 +0200] speps:
>> > So, from the beginning of my Internet experience, I never referenced to
>> > myself through my real name/life, but using a nickname, a digital identity.
>> Also, your IP address is in the headers.
> Not a problem :)
>> Anyhow, there is no anonymity debate: different master key holders
>> verify different aspects of who you claim to be, and that is all there
>> is to it. For instance, they may verify your email address by asking you
>> to reply to encrypted messages, or verify your website by asking you to
>> upload your public key there. Verifying your identity is another element
>> that builds up confidence and reputation, even when it is not directly
>> related to your packaging activities. The point being that we get a
>> notion of trust a little stronger than "I never saw bad packages coming
>> that way."
> Hi and thanks for sharing your opinions on the topic.
> If I didn't get it wrong, this means real name is not mandatory, but an additional
> point that may enforce trust for someone while it confirms relevant informations.
>> Speaking of email addresses, could you show us that you own
>> dreamspepser at yahoo.it since it is what you used on the AUR?
> Here I am
>> > As you can see I sign mails with my GPG Key
>> Could you publish that key somewhere?
> Sure, it is already published on the pgp.mit.edu key server
> http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0xCF7037A4F27FB7DA
> GPG-Key: 0xF27FB7DA
> Key fingerprint: 8840 BD07 FC24 CB7C E394  A07C CF70 37A4 F27F B7DA
>> Cheers.
> Regards
> - speps -

It's odd that with more than 600 packages on AUR I don't use a single
one of them but that's not an issue of course :P and their quality is

I never had a problem revealing my real-life identity on the internet
but I also don't think that it actually changes anything since, as
everyone else already pointed out, I think GPG identities are already
providing the necessary security requirements for Arch.
Even if I met speps in the flesh, it's not like I would trust him any
more than I do now just because he has a face.

More information about the aur-general mailing list