For nm.debian.org, at 2023-01-13:
For the past 5 years, I have worked with Douglas Kosovic on network-manager-l2tp.
For this past work, Douglas Kosovic sent mails using the email address email@example.com
which is the one he is using on nm.debian.org.
During that time, Douglas used a key with fingerprint
E48B D89A 1C51 BFA2 8413 D183 49A7 787E F8D3 C039.
His package uploads to mentors.d.o were signed with that key and
upstream releases were signed with this key as well, see e.g.
I encouraged him to apply for DM.
During that process, he created a new GPG key with stronger encryption and
fingerprint 2B4F 9EDC AE00 DEE4 D0D7 A6E5 8895 3E6F 011C DC96.
I've made sure that he is able to decrypt encrypted messages sent to this
new key and that he is able to sign messages with the same key.
Doug also sent a statement to me signed by his old key that he is now using the
new key including its fingerprint. So I'm confident that he controls both keys.
New releases of network-manager-l2tp also use his new key, see e.g.
Due to the long-term interactions we had, I'm convinced that Douglas Kosovic as he
presents himself on nm.debian.org is the rightful owner of both email
firstname.lastname@example.org and GPG key 2B4F 9EDC AE00 DEE4 D0D7 A6E5 8895 3E6F 011C DC96.