For nm.debian.org, at 2023-08-30: For the past year, I have worked with Bo YU on some python packages as well as collaboration in debian-riscv mailing list. For this past work, Bo YU sent mails using the email address tsu.yubo@gmail.com which is the one they're using on nm.debian.org, and they signed their work and email using a GPG key with fingerprint E252 1CB8 1757 36A9 7052 B2F8 954E 6A70 1005 98A2. I've made sure that they are able to decrypt encrypted messages sent to this key and that they're able to sign messages with the same key. Due to the long-term interactions we had, I'm convinced that Bo YU as they present themselves on nm.debian.org is the rightful owner of both email tsu.yubo@gmail.com and GPG key E252 1CB8 1757 36A9 7052 B2F8 954E 6A70 1005 98A2.