For nm.debian.org, at 2023-01-13: For the past 5 years, I have worked with Douglas Kosovic on network-manager-l2tp. For this past work, Douglas Kosovic sent mails using the email address doug@uq.edu.au which is the one he is using on nm.debian.org. During that time, Douglas used a key with fingerprint E48B D89A 1C51 BFA2 8413 D183 49A7 787E F8D3 C039. His package uploads to mentors.d.o were signed with that key and upstream releases were signed with this key as well, see e.g. https://github.com/nm-l2tp/NetworkManager-l2tp/releases/tag/1.20.6 I encouraged him to apply for DM. During that process, he created a new GPG key with stronger encryption and fingerprint 2B4F 9EDC AE00 DEE4 D0D7 A6E5 8895 3E6F 011C DC96. I've made sure that he is able to decrypt encrypted messages sent to this new key and that he is able to sign messages with the same key. Doug also sent a statement to me signed by his old key that he is now using the new key including its fingerprint. So I'm confident that he controls both keys. New releases of network-manager-l2tp also use his new key, see e.g. https://github.com/nm-l2tp/NetworkManager-l2tp/releases/tag/1.20.8 Due to the long-term interactions we had, I'm convinced that Douglas Kosovic as he presents himself on nm.debian.org is the rightful owner of both email doug@uq.edu.au and GPG key 2B4F 9EDC AE00 DEE4 D0D7 A6E5 8895 3E6F 011C DC96.