Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 674608

Summary: Unjustified developer signatures on np-hardass' key
Product: Community Relations Reporter: Michał Górny <mgorny>
Component: Developer RelationsAssignee: Gentoo Council <council>
Status: RESOLVED INVALID    
Severity: normal CC: blueknight, gokturk
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-01-05 14:17:41 UTC 
So:

uid  NP-Hardass <NP-Hardass@gentoo.org>
sig!3        EEAFED89024C043D 2015-06-24  Yury German (Gentoo Dev Key) <blueknight@gentoo.org>
sig!         94528F870FE37034 2017-04-18  Göktürk Yüksek <gokturk@gentoo.org>


Why did you sign an UID whose name is explicitly fake?  Did you actually verify his ID, and seen that name on it?  How can we build proper WoT between Gentoo developers if developers are making fake cross-signatures?

@blueknight, @gokturk: I'd like to explicitly request that you revoke those signatures and don't make any more signatures without verifying the owner's identity.
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2019-01-13 19:32:12 UTC 
As discussed in today's council meeting, as we do not have an OpenPGP WoT policy in place in Gentoo, the council does not have a role in this case.