1. Forum
  2. Usenet
  3. LINUX.DEBIAN.DEVEL.MENTOR

  • GPG user ID policy - online persona/brand

    From =?UTF-8?Q?D=C3=A1niel_Fancsali?=@21:1/5 to All on Mon Nov 14 14:50:01 2022
    Hello,

    I was just wondering the other day, what is and isn't acceptable as the
    "user id" of my package signing key?

    What if I have a separate online persona as a tech blogger, and I'd like
    attach the packages I create to that brand?

    Would the mentors project accept that? Would the debian mainstream accept
    that, if I make it so far that I got to be part of the Debian project?

    Is there any official policy/documentation/best-practices-list for this situation?

    Thanks,
    Daniel

    <div dir="ltr"><div>Hello,</div><div><br></div><div>I was just wondering the other day, what is and isn&#39;t acceptable as the &quot;user id&quot; of my package signing key?</div><div><br></div><div>What if I have a separate online persona as a tech
    blogger, and I&#39;d like attach the packages I create to that brand?</div><div><br></div><div>Would the mentors project accept that? Would the debian mainstream accept that, if I make it so far that I got to be part of the Debian project?</div><div><br><
    /div><div>Is there any official policy/documentation/best-practices-list for this situation?</div><div><br></div><div>Thanks,</div><div>Daniel<br></div></div>

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Wookey@21:1/5 to All on Mon Nov 14 20:10:02 2022
    On 2022-11-14 13:44 +0000, Dániel Fancsali wrote:
    Hello,
    I was just wondering the other day, what is and isn't acceptable as the
    "user id" of my package signing key?
    What if I have a separate online persona as a tech blogger, and I'd like
    attach the packages I create to that brand?
    Would the mentors project accept that? Would the debian mainstream accept
    that, if I make it so far that I got to be part of the Debian project?
    Is there any official policy/documentation/best-practices-list for this
    situation?

    My understanding of policy is that what we really care about is that
    the GPG key securely attests to a particular identity. We prefer that
    to be somone's 'actual/real/offical' identity, but it can be another
    identity if it is consistently used. I believe we do have a few DD's
    that do not use their 'official/conventional' name within debian.

    I'm not sure what people would think of using a 'brand' identity, but
    it might be OK if that is how someone normally/consistently presents
    themselves within debian.

    This is just my personal understanding. I'm fairly sure there is some
    actual policy written down somewhere, probably in the 'DD/DM
    application process' info.

    Wookey
    --
    Principal hats: Debian, Wookware, ARM
    http://wookware.org/

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEER4nvI8Pe/wVWh5yq+4YyUahvnkcFAmNykHgACgkQ+4YyUahv nkeINQ/+K/P4jft3Ie5q6eWLceFY5mhW3PLyYGibRL61mqU3XFtP96K5g0TTfqW4 WpEl65Tgtjdkf9iJUNT+7wB1X+0IlSaiSZSt74ynGhRDyIUhWKWKKVr+oX0/4OEf bd0cRfioxBUY9N6Y8fpGwqv69pQXXjEKo9CUa8Q2OAMyazEOAHd187KuwptFCaJF EaL9S0yf+g0f4uspOADW/JTUk5h2V5o3HapkcwBdxd7qE0XkIUtA6mUutFCTVg05 EIqtR5R4wk+1dEtzaTyttCP+epmhLL9f1xrCaAxqdfdI85yIt2DQfmogVN6WvBpj DrraH3rEm3ohIdU3t+ymJ6NljZ65qQjrVsH00InwWbDf4A7SaJlyc8xXe6eV7BJo AID9orfTsAK0mdNbutU+bsHZ2RKfqWC4vQ0avosJiCnT2LcC78J8EHyKdGr0ni9q c5ZRusKIaiVITRnLQRnICWVhNnSViXM7rujAA0VyLCsLbn59OyolNWceF3Ojm+gP 6dEKDgJc3zrScSJ+Jf+mnkHCwDiiZ8bWaX4QtnqaT6oFENK6yyAAzPCluXaAZzrm CKxaSXydpVnqL5Xwb5qcRXTey+S1QobU9V2Lno5jD89FCGkrWLN3AACILiimHgJD atK4qDaE2haHrcF3JAWWWgxrOMcR5U4C9ZzMMIwQHXauZpGYTRQ=
    =V0fG
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)