For nm.debian.org, at 2022-04-12: For the past 6+ months, I have worked with Mohammed Bilal in ruby team, libgit2 transition and puma security update. For this past work, Mohammed Bilal sent mails using the email address mdbilal@disroot.org which is the one they're using on nm.debian.org, and they signed their work using a GPG key with fingerprint 2D65 BC1E B966 5A6E 97F9 730A B3F5 9452 8521 9E1F (salsa.debian.org shows their commits as verified - by matching verified email and key). I've made sure that they are able to decrypt encrypted messages sent to this key and that they're able to sign messages with the same key. Due to the long-term interactions we had, I'm convinced that Mohammed Bilal as they present themselves on nm.debian.org is the rightful owner of both email mdbilal@disroot.org and GPG key 2D65 BC1E B966 5A6E 97F9 730A B3F5 9452 8521 9E1F.
For nm.debian.org, at 2022-04-13: For the past month, I have worked with Mohammed Bilal on QA work and autopkgtest for debian med packages. Prior to that I have also seen mails from them on the debian-ruby mailing list. For all past work, Mohammed Bilal sent mails using the email address mdbilal@disroot.org which is the one they're using on nm.debian.org. I made the following checks on their keys: - - Checked gpg signature on email, both in personal correspondence and on mailing lists which is the same as their key used on nm.d.o - - Checked signed commits from them indicating good signatures - - Made sure that they are able to decrypt messages encrypted with their GPG key B3F5945285219E1F Due to the past interactions we had, I'm convinced that Mohammed Bilal as they present themselves on nm.debian.org is the rightful owner of both email mdbilal@disroot.org and GPG key 2D65 BC1E B966 5A6E 97F9 730A B3F5 9452 8521 9E1F.