Wookey, Intrigeri, Cryptie & Debian pseudonyms beyond Edward Brocklesby
Reprinted with permission from Daniel Pocock.
When Shaya Potter was expelled from Debian, he continued his career using the same name. Yet when Edward Brocklesby (ejb) was expelled for hacking, he seems to have vanished, raising questions about whether he really existed at all.
The discussion about Brocklesby has stirred up questions about some developers with unusual names.
Having an unusual name or a pseudonym doesn't automatically imply wrongdoing. In some ways, these names may attract more attention to the person's activities but on the other hand, if it is a pseudonym, which isn't always the case, it allows them to avoid responsibility for their mistakes.
The first name that came up is Wookey. Many people have met Wookey in real life at events, therefore, we can associate the name with a face. Wookey has written a page on his web site explaining how he changed his name to Wookey and it is a single family name without first name.
I've always been called Wookey - ever since I went to the sort of school where they just use your surname when I was a kid. Eventually I decided to make it official (by Statutory Declaration) and drop my first name, so since 1987 I've been 'Wookey' (no forenames or initials).
The first person to verify Wookey's identity with PGP was Chris Rutter, one of the Debian fatalities. Given Rutter's age at the time, he was only 18 or 19, he may not have had a lot of experience with authenticating passports and similar documents. Nonetheless, he did send a report about the case to the account manager who relayed the feedback to debian-newmaint-discuss:
To: Debian NM List <debian-newmaint-admin@lists.debian.org> Subject: AM report for Wookey From: Craig Small <small@eye-net.com.au> Date: Thu, 22 Feb 2001 11:31:47 +1100 Message-id: <20010222113147.A11916@eye-net.com.au>
ID --- GPG key signed by Chris Rutter <cmr@debian.org> As an additional step, I asked Chris if the applicants full name is 'Wookey' as he attests. Chris emailled me a GPG signed mail saying that he has seen official documents stating this is his real name. ID step passed.
[...]
Another interesting case is that of Intrigeri ( Debian profile). People can look through the Debian New Maintainer discussion to see who signed the key and how they were satisfied to accept the name Intrigeri.
In the world of FSFE, we had an employee of the French government, Amandine Jambert, using the pseudonym cryptie. This was a situation that raised complex ethical concerns. Madame Jambert subsequently resigned from FSFE. In fact, a lot of people have resigned from FSFE over the years.
The notion that we should trust somebody's name based on the identity documents they carry implies we are putting our trust in the institutions that issue those identity documents. In practice, there have been various cases around the world where state actors have created fake documents. Stolen documents are not easy to get but it is not unheard of either.
Therefore, instead of worrying about people who have chosen unusual names or pseudonyms, maybe we need to take a lesson from the X files: Trust No One. █