-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

For nm.debian.org, at 2022-04-12:
For the past 6+ months, I have worked with Mohammed Bilal in ruby team, libgit2
transition and puma security update.

For this past work, Mohammed Bilal sent mails using the email address mdbilal@disroot.org
which is the one they're using on nm.debian.org, and they signed their work using a GPG key
with fingerprint 2D65 BC1E B966 5A6E 97F9  730A B3F5 9452 8521 9E1F (salsa.debian.org
shows their commits as verified - by matching verified email and key).

I've made sure that they are able to decrypt encrypted messages sent to this key
and that they're able to sign messages with the same key.

Due to the long-term interactions we had, I'm convinced that Mohammed Bilal as they
present themselves on nm.debian.org is the rightful owner of both email
mdbilal@disroot.org and GPG key 2D65 BC1E B966 5A6E 97F9  730A B3F5 9452 8521 9E1F.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0whj4mAg5UP0cZqDj1PgGTspS3UFAmJWez0ACgkQj1PgGTsp
S3VjpRAAgVNdqUeZLF/XWxfS2k/GW79pdcPNqBtV383EbV4JaBYGdEAP1txM1mFB
zEqx7oPzi33rYtJb89rPp/ESebronq/vFkz5gHtwPAXX443HHw2cIYdF11XI/xd8
6pdd65WxNrHbK1t9z0ZkyiIHRFLtesfIylLA1VEn/E2v78SZvIYLHlL3MAd3vBCF
vfNzDCSKlcyZNxDnpHFJp4S7eRcZCDC1Dq0S2AAFRb9iT4YCv3QrIu4wNMj6wu4S
t3Y3bQ7BMp5Jk6lfMDB9XSHXOFcOuEdLr0fAVdnTKjqzGmJ25L2sL5i8PT4SoXzU
UNSLi3IDl6XLI6tF5wZmz2aTrjhniDJk0Y8GZQooryPNVx7mtYSrg77n2fdWOyP3
e/Wr0aS7PrTMwn2hsTd7A4zYdIPQjl5/SvATLI/jqMse6cEOu4yAKhlgzxz1vld9
nBqX2nvDqr584+BU937JQRVymETOeyFAJPPNycetdNLyr8loeD0JNbeaVlurUNM2
MESf8nj4NZSUQ5aE30Gvs5eYqOVnawT7FXQdsPzz3297Kn4V0Z2hcrzLzN9tQMFc
gGHucWiX8xXO5gwfWhaZbFRev5/dTS7Rf0S7n3LwS3wqygaTHkpmRwveWy3KbBCP
lI11lpMHpvSBtq1gFvjeLVMOHb6iUNzYiMeYt1mJOmGReCvj0Do=
=w/5O
-----END PGP SIGNATURE-----