On Thu, Jun 18, 2026 at 10:11:28AM -0500, Simon Josefsson wrote: > Interesting, so there is a google account for > [email protected] which binds Debian to Google's ToS?
Talk to a lawyer about "contracts of adhesion" and what might be required for someone to bind the Debian organization (when they might not be authorized to do that). But I kinda doubt that. If someone had set up a Google Account with the [email protected], there should have been an e-mail message sent to that address requesting verification (e.g., please click on this link, or enter this numeric code in the verification web page, etc.). Unfortunately, it's unclear how long this Google Account was created. I was trying to find it by searching for emails from "[email protected]", but despite the claims of [1] there doesn't seem to be an author search feature at [2]. :-( [1] https://wiki.debian.org/DebianMailingLists/SearchHowto [2] https://lists.debian.org/search.html > Shouldn't we cancel this account and refuse the ToS? Someone could try doing a password reset for "[email protected]" --- e.g., like this[3]. The problem is this spams the mailing list, and there is no way to know whether the person who did this was someone who was indeed, a white hat or not. [3] https://lists.debian.org/debian-devel/2026/06/msg00237.html So it would probably be best to make an official request that the account was fradulent created and to please have it deleted. That would ideally would need to come from the DPL, so it would be official. I can help to get it do someplace official if that's needed. Contact me off-line if that help would be helpful. Cheers, - Ted
