Steve Greenland (stevegr) & Debian: a Dead Man Uploading?
In April 2020, we notice that Steve Greenland was removed from the Debian keyring.
We went looking for details. Was he expelled, was it political? Was it based on falsified evidence, the way Debian Account Manager Enrico Zini falsified harassment claims against Jacob Appelbaum?
In fact, Steve Greenland died of cancer in July 2009. He was still on the Debian keyring up to 2020 because the Debian Account Managers (DAMs) were too busy playing politics. They were making up false evidence to remove political opponents but it never occurred to them that Greenland's computers, with his PGP keys, would have been acquired by relatives or even sold on eBay.
Anybody who obtains the PGP key of a Debian Developer is able to modify and upload a new version of any package in the Debian archive.
Greenland's key could have been used by somebody else in the project to vote twice in controversial ballots, such as those regarding systemd and the Code of Conduct.
This risk was in the Debian keyring for 11 years, longer than the two years that Debian had a vulnerability in the OpenSSL / OpenSSH key generation due to a rogue patch by a volunteer.
This incident demonstrates the extent to which Debian's toxic culture is a threat to the security of all users and not just the volunteers who have died in the middle of blackmail experiments.