For nm.debian.org, at 2022-03-18: For the past 5 months, I have worked with Philip Wyett on libfilezilla, filezilla, and rednotebook. For this past work, Philip Wyett sent mails using the email address philip.wyett@kathenas.org which is the one they're using on nm.debian.org, and they signed their work and email using a GPG key with fingerprint 70A0 AC45 AC77 9EFE 84F6 3AED 724A A9B5 2F02 4C8B. I've made sure that they are able to decrypt encrypted messages sent to this key and that they're able to sign messages with the same key. Due to the long-term interactions we had, I'm convinced that Philip Wyett as they present themselves on nm.debian.org is the rightful owner of both email philip.wyett@kathenas.org and GPG key 70A0 AC45 AC77 9EFE 84F6 3AED 724A A9B5 2F02 4C8B.
For nm.debian.org, at 2022-03-18: I have sponsored a good number of packages by Philip Wyett, and the only key matching his name in my keyring is 70A0AC45AC779EFE84F63AED724AA9B52F024C8B. I am thus sure that this key has been used to sign recent uploads to mentors.debian.net, and those uploads have passed my review, thus ensuring that whoever controls that key is capable of doing good Debian work. I have not checked if that person carries an officially-looking id with a badly made photo, which used to be the sole concern for key signing -- but that's not what I'm hereby certifying. This key has been in my keyring since before 2021-01-01 (I've just checked yearly backup from that date).