[aur-general] TU application - speps
Massimiliano Torromeo
massimiliano.torromeo at gmail.com
Fri Apr 27 03:34:01 EDT 2012
On Fri, Apr 27, 2012 at 3:54 AM, speps <dreamspepser at yahoo.it> wrote:
> On Fri, 27 Apr 2012 00:46:03 +0200
> Gaetan Bisson <bisson at archlinux.org> wrote:
>
>> [2012-04-26 21:26:19 +0200] speps:
>> > So, from the beginning of my Internet experience, I never referenced to
>> > myself through my real name/life, but using a nickname, a digital identity.
>>
>> Also, your IP address is in the headers.
>
> Not a problem :)
>
>> Anyhow, there is no anonymity debate: different master key holders
>> verify different aspects of who you claim to be, and that is all there
>> is to it. For instance, they may verify your email address by asking you
>> to reply to encrypted messages, or verify your website by asking you to
>> upload your public key there. Verifying your identity is another element
>> that builds up confidence and reputation, even when it is not directly
>> related to your packaging activities. The point being that we get a
>> notion of trust a little stronger than "I never saw bad packages coming
>> that way."
>
> Hi and thanks for sharing your opinions on the topic.
> If I didn't get it wrong, this means real name is not mandatory, but an additional
> point that may enforce trust for someone while it confirms relevant informations.
>
>> Speaking of email addresses, could you show us that you own
>> dreamspepser at yahoo.it since it is what you used on the AUR?
>
> Here I am
>
>> > As you can see I sign mails with my GPG Key
>>
>> Could you publish that key somewhere?
>
> Sure, it is already published on the pgp.mit.edu key server
> http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0xCF7037A4F27FB7DA
>
> GPG-Key: 0xF27FB7DA
> Key fingerprint: 8840 BD07 FC24 CB7C E394 A07C CF70 37A4 F27F B7DA
>
>> Cheers.
>
> Regards
>
>
> - speps -
It's odd that with more than 600 packages on AUR I don't use a single
one of them but that's not an issue of course :P and their quality is
good.
I never had a problem revealing my real-life identity on the internet
but I also don't think that it actually changes anything since, as
everyone else already pointed out, I think GPG identities are already
providing the necessary security requirements for Arch.
Even if I met speps in the flesh, it's not like I would trust him any
more than I do now just because he has a face.
More information about the aur-general
mailing list