@pleia2 @ariadne I guess the concern would be that a nation state actor with significant resources has much *more* of an ability to deal with most of those barriers than a genuine volunteer contributor usually does.

(While someone without such resources mostly isn't going to be doing an elaborate long-term attack like this.)

So it's not paranoid, but it's unclear how much it would help.

@waldi @ids1024 @pleia2 does it though? i am sure an alphabet soup agency can just designate one physical person to run point on any in-person interactions with the APT.

i guess i am just not convinced that this has any meaningful defense against APTs who can likely issue fake travel docs any time they want.

what the cross-signing *does* help with is ensuring that no single party controls all of the signing keys used for Debian. but in practice, the reason why that is important is largely tied to how Debian-like distributions ingest source code to create debs.

(and nothing stops an APT from just going through mentors.debian.org just like nothing stops an APT from just submitting PRs to aports and finding a useful person to unwittingly merge them into Alpine)

@ariadne @waldi @pleia2 It would probably be most useful if the people meeting had communicated a lot online. In the case of xz, if "Jia Tan" met in person with Lasse Collin, and they talked much about plans with xz, it may become suspicious if "Jia" doesn't act very knowledgeable about xz, or even their own work, and speaks quite differently from how they do online.

So it may be hard to send someone else. Which is at least some kind of barrier.

I'm not familiar with how this works in Debian.