For nm.debian.org, at 2022-07-18: For the past 8-9 months, since November last year, I have worked with Robin Jarry on buildbot and aerc. For this past work, Robin Jarry sent mails using the email address robin@jarry.cc which is the one they're using on nm.debian.org. I have made the following checks for their keys: 1. Checked signs in atleast 5-6 emails (and commits) in past month 2. Checked their signed commits to the repositories. I checked several of his upstream project repositories releases like aerc, dlrepo, sysrepo-python etc. all of which are all signed with his gpg key. 3. Made sure that they are able to decrypt the messages sent to them with their GPG key I've made sure that they are able to decrypt encrypted messages sent to this key and that they're able to sign messages with the same key. Due to the long-term interactions we had, I'm convinced that Robin Jarry as they present themselves on nm.debian.org is the rightful owner of both email robin@jarry.cc and GPG key DC07 18E3 22E2 C760 5EBD C831 4695 7EC0 8FD0 FE90.