> > * The key must have an userid that refers to an official Gentoo e-mail > > address. E.g. dilfri...@gentoo.org > > no. there's no reason for this requirement, and it prevents proxy > maintenance long term. e-mail addresses do not verify identity, > verifying identify verifies identity. this is the point of the web of > trust.
So what sort of identity do you want to verify? Seriously, at the moment when I got my commit bit, noone from Gentoo had ever met me in person, and for sure noone had ever had a look at my passport or any similar legal document. The only established connection was my preexisting gpg key, which was then coupled to my gentoo account. As for proxy maintenance, isn't the whole point of that that the proxied maintainers are not devs and do not have (commit access | a gentoo.org user id)? I do not understand how this would prevent proxy maintenance. Now, e.g. overlay access is a different matter. But first things first. -- Andreas K. Huettel Gentoo Linux developer - kde, sci, arm, tex dilfri...@gentoo.org http://www.akhuettel.de/
signature.asc
Description: This is a digitally signed message part.
