For nm.debian.org, at 2023-08-27:
I have worked with Bo YU on Python packages and activity on debian-riscv
in the past year.
For this past work, Bo YU sent mails using the email address firstname.lastname@example.org
which is the one they're using on nm.debian.org, and they signed their work and
email using a GPG key with fingerprint 21C9 A18D 8553 9666 9BD2 D8E9 F915 4FDE 143E 4BAF.
I've made sure that they are able to decrypt encrypted messages sent to this key
and that they're able to sign messages with the same key.
Due to the long-term interactions we had, I'm convinced that Bo YU as they
present themselves on nm.debian.org is the rightful owner of both email
email@example.com and GPG key 21C9 A18D 8553 9666 9BD2 D8E9 F915 4FDE 143E 4BAF.