-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

For nm.debian.org, at 2024-08-21:
For the past 2 years, I have worked with David Heidelberg on
webp-pixbuf-loader.

For this past work, David Heidelberg sent mails using the email address
david@ixit.cz which is the one he’s using on nm.debian.org, and he signed
his work and email using a GPG key with fingerprint
D77A 09CF EEDC 2BBD 53A7  0474 6002 3FC4 D349 2072.

I've made sure that his is able to decrypt encrypted messages sent to this key
and that he’s able to sign messages with the same key.

Due to the long-term interactions we had, I'm convinced that David Heidelberg
as he presents himself on nm.debian.org is the rightful owner of both email
david@ixit.cz and GPG key D77A 09CF EEDC 2BBD 53A7  0474 6002 3FC4 D349 2072.

I also support David Heidelberg <david@ixit.cz>'s request to become a
Debian Maintainer. I have worked with David Heidelberg on his package
and I consider his as having sufficient technical competence.

During our interactions regarding his work on webp-pixbuf-loader in recent
times, I rarely needed to contribute anything, and I was generally happy with
his work as it was, and uploaded it with no changes.

I also know David is passionate about Debian (and free software in general),
he’s attended DebConf and MiniDebConfs, he’s becoming a more active member of
the community.

I have personally worked with David Heidelberg <david@ixit.cz>
(key D77A09CFEEDC2BBD53A7047460023FC4D3492072) for 2 years, and I know David Heidelberg
can be trusted to have upload rights for their own packages, right now.
-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQSD3NF/RLIsyDZW7aHoRGtKyMdyYQUCZsYyZwAKCRDoRGtKyMdy
Ydv7AQD5B2UwgmlZNSRy3fDpQARdnFY0ef7LKJHBfGYN3Q1vdAEAgtOuqFv8Dkt4
0XUjkAWAWSSjIKbV3KOAPQeaSUt8Kwo=
=91qw
-----END PGP SIGNATURE-----