-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

For nm.debian.org, at 2026-05-07:
For the past 1.8 years, I have worked with Ural Tunaboyu, mostly on Ubuntu, but
also at the src:autopkgtest Debian package.

For this past work, Ural Tunaboyu sent mails using the email address ural.tunaboyu@canonical.com
which is the one they're using on nm.debian.org, and they signed their Ubuntu uploads
using a GPG key with fingerprint 43BE 0BFA 6D80 4B7A 030D  F490 6A3B 5AF0 CF48 3C50.

I've made sure that they are able to decrypt encrypted messages sent to this key
and that they're able to sign messages with the same key.

Due to the long-term interactions we had, I'm convinced that Ural Tunaboyu as they
present themselves on nm.debian.org is the rightful owner of both email
ural.tunaboyu@canonical.com and GPG key 43BE 0BFA 6D80 4B7A 030D  F490 6A3B 5AF0 CF48 3C50.
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEVhrVhe7XZpIbqN2W1lhhiD4BTbkFAmn8tCcACgkQ1lhhiD4B
Tbm/Hgf/cMMgq2T76KEH+e67S2TyEAkFLyw9KhvobC4BcQ+knMFe534f7wGjgG0t
GtXC1aGIFL585Ip/uYFWPVu65Y6lMGqp8EuPCC/y17HgbhJ+cK+nOfHxyeWCUAS/
FzY5aTq4DDnWBBh9qjBZQABv3Gkql5hhgjaJuSsc5GbAuNRfYHDOsDLjcKqyi4Q/
7NPZt3w3fJngra6pKUDBhq0CKdvwf4O/FIa6FkqsO1Vyw/Lap52dbiaI5Vp1HTgn
lTwlw2yDkw/2lbM8EN1ayyz68L8Wqpe3HyKf0bAIvZndMeTbXb3FwdfrUUbZVuAP
y/SDFEm22yksjMmopFnqPokRFG+TEg==
=9CzD
-----END PGP SIGNATURE-----