Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 674608 - Unjustified developer signatures on np-hardass' key
Summary: Unjustified developer signatures on np-hardass' key
Status: RESOLVED INVALID
Alias: None
Product: Community Relations
Classification: Unclassified
Component: Developer Relations (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Council
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-01-05 14:17 UTC by Michał Górny
Modified: 2019-01-13 19:32 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-01-05 14:17:41 UTC 
So:

uid  NP-Hardass <NP-Hardass@gentoo.org>
sig!3        EEAFED89024C043D 2015-06-24  Yury German (Gentoo Dev Key) <blueknight@gentoo.org>
sig!         94528F870FE37034 2017-04-18  Göktürk Yüksek <gokturk@gentoo.org>


Why did you sign an UID whose name is explicitly fake?  Did you actually verify his ID, and seen that name on it?  How can we build proper WoT between Gentoo developers if developers are making fake cross-signatures?

@blueknight, @gokturk: I'd like to explicitly request that you revoke those signatures and don't make any more signatures without verifying the owner's identity.
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2019-01-13 19:32:12 UTC 
As discussed in today's council meeting, as we do not have an OpenPGP WoT policy in place in Gentoo, the council does not have a role in this case.