I'm using GPG to sign my git commits as the project I'm working for wants.
But I use a pseudonym and I don't want to be identified like by my GPG signature.
Over here: it asks us to use only our real names (as in our passport or government issued ID).
What is the necessity? How can I maintain my anonymity with GPG?
In general, this advice is linked to CLA (Contribution License Agreement), which defines the terms under which intellectual property has been contributed to a company/project, typically software under an open source license.
The Canonical contributor licence agreement for Ubuntu mentions in its FAQ that it uses now a copyright licence agreement (where the contributor grants permission for Canonical to distribute the contribution).
The Canonical Individual Contributor License Agreement is a deal between "You" and Canonical, so if you are using your GPG key, attaching it to a contribution to Canonical, its metadata should reflect "You" (actual name or address), in order for the IP (Intellectual Property) to be respected.
There are projects like CLAHub (Contributor License Agreements on GitHub) to make the process easier, but if you are using a GPG key for contributing to an open source project in the context of a CLA, then the information should be accurate.
If you are using the GPG key in any other context, you can associate any metadata (name/email, ...) that you want.
It's not necessary. You referenced
But (is Wiki-reference OK for you?):
when verifying signatures, it is critical that the public key used to send messages to someone or some entity actually does 'belong' to the intended recipient. Simply downloading a public key from somewhere is not an overwhelming assurance of that association; deliberate (or accidental) impersonation is possible
because I can see (and get) a lot of different "learner"'s signatures, I want (under some conditions) be sure, who is each "learner" and know - is it the same person or I have any type of impersonation
PS: Security site of SE-family may be better and more relevant location for such type of questions
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With