For nm.debian.org, at 2022-08-24: For the past many months, I have worked with Vivek K J on ruby gem packages. For this past work, for last one moneht, Vivek K J sent mails using the email address vivekkj@disroot.org which is the one they're using on nm.debian.org, and they signed their work and email using a GPG key with fingerprint D017 9263 E202 0E40 7157 4073 A5FF 4BB3 EA53 C5DF. Before this he was using <vivekkj@protonmail.com> and key 184CC5F4856495978CD5E78F93AE9C793ED11852 since only paid version of protonmail provides smtp access, he could not sign mails using a gpg supported client, so he switched his email address to disroot.org which provides smtp access. Due to this change he had to close his earlier process and start again with this new process. Additionally we have been interacting over matrix all this time in addition to communication over email. I've made sure that they are able to decrypt encrypted messages sent to this key and that they're able to sign messages with the same key. Due to the long-term interactions we had, I'm convinced that Vivek K J as they present themselves on nm.debian.org is the rightful owner of both email vivekkj@disroot.org and GPG key D017 9263 E202 0E40 7157 4073 A5FF 4BB3 EA53 C5DF.