These are all the places I can think of, where we store personal information:
- the Debian keyring
- alioth.debian.org (for -guest accounts)
- debian/ directory in packages (control and changelog)
- mailing list archives
- MIA database (not public)
See also : Debian Member Portfolio Service.
Let's go into details.
Mailing lists, packages, alioth
One has total control over the email address used to post to mailing lists, over their alioth -guest account information, and over what information is used in debian/control and debian/changelog.
Everything goes as long as uploads are signed with the GPG key of a DD (or DM), who takes responsibility for what goes in.
The OpenPGP key in the Debian keyring
Not much to say here: your key goes in the keyring with whatever information you put into it, and is publicly exported.
For the key to enter the keyring in the first place, some ID check is required, generally in the form of having other DDs sign some identities on your key.
http://keyring.debian.org/ has details on managing it.
LDAP is the place where we turn to for real life needs, and where we would like to have real personal information.
A subset of LDAP contents (first/middle/last names, key fingerprint, irc/jabber/icq contact info if provided) are publicly exported via db.debian.org, both on the web and over finger. That information also serves for sso.debian.org
http://nm.debian.org is only storing NM related information, and piggybacks on LDAP for personal information. The idea is that we want to reduce maintenance costs, so we try to reuse existing information sources.
The site is most notably the authoritative place to know the status of a person in Debian (DD, DM, ...). It also stores all information related to changes of status, like advocates, process history and AM history, which is publicly exported only partially, so that the process log can be updated freely without worrying of it showing up in internet search results.
It's partial (DM processes aren't yet tracked, for example) but getting better.
Given that it acknowledges someone's status in the project, it lends itself to be used to credit someone's contributions and reputation. For example, I find myself using the People search function a lot, combined with the DDPO and Portfolio links, as well as the changelogs link once you're logged in.
It has been pointed out, and I agree, that we should not publish real names unless where necessary, so that one can associate their Debian-related reputation with the online persona they prefer: for example, one may be known in the general developer community mostly via a nickname, and would prefer Debian-related search results to also show up under that nickname.
Has a settings page which can have email/jabber address, name, page subscriptions, timezone, other settings. These are not accessible by anyone except the wikiadm team and DSA.
Has a personal profile page where one can store email and various contact addresses/URLs. The profile page (example) is only exported to logged-in users and only in HTML form.
Contains information about all alternate email addresses for a person. TODO: it possibly contains something else, someone please fill in the details.
Stores other email addresses that might be unknown to the keyring & LDAP. Details. TODO: how is it kept up to date / exported?
People.debian.org member pages
Debian project members may be using a http://people.debian.org/~login/ homepage which may contain details about them. In particular, such a URL could serve a document pointing to the developer's FOAF profile (as explained in http://xmlns.com/foaf/spec/#sec-autodesc). See also the generated FOAF profiles at webid.debian.net