Versions Compared

Old Version 20

changes.mady.by.user ASF Infrabot

Saved on

compared with

New Version 21

changes.mady.by.user ASF Infrabot

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

We will have a PGP Key Signing at the conference. It will happen at the end of the Welcome Reception, early evening on Wednesday October 11May 2, 20062007. The exact location will be announced during the reception – just listen for people shouting!

...

  • E-mail your key to Sander Temme at sctemme <at> apache <dot> org as soon as possible. To get your key in emailable form use (PGP works similarly):
    $ gpg --armor --export KEY_ID > mykey.asc
    Then just copy and paste the contents of mykey.asc in an e-mail to me. Or, if you're Studly as Hell with the Shell, just do it all in one line like I would (substitute your own key ID for the hexadecimal number):
    {{$ (echo "Hey Sander, here's my key!"; echo ""; gpg --armor --export 152924AF) | }}
    mail -s "Key for ApacheCon Keysigning" sctemme@apache.org

This of course only works if your host has a working mail infrastructure. The key list, and a PGP (or GnuPG) keyring export will be available for your convenience at the following URL:

http://people.apache.org/~sctemme/ApconUS2006ApconEU2007/keysigning/

The PGP Keysigning Event

  1. Everybody gets a print-out of the key list. I will make those and have them available.
  2. The key entries on the printout are numbered. All participants line up in the order of their keys.
  3. The list will also be on the projection screen. You verify that your entry on the printout is correct: that the key ID, fingerprint and name + e-mail information match what you submitted. You also verify that your entry on the printout is the same as your entry on the screen.
  4. I will call out the name of each participant, in order. When your name is called, tell all participants loudly whether your information as verified in step 3 is correct.
  5. As participants positively verify their information, check whether their entry on the screen matches their entry on your printout. If so, you can place a check mark in the first of the two boxes at the right of your printout. Why do we do this? To make sure we all have the same list, and that the list is correct. You are verifying that I didn't make any mistakes compiling the list, or that I didn't nefariously doctor anyone's key. 1.#6 Once everyone's key data has been verified, the fun part starts. We're going to double back the line, have each participant walk past everyone else. As you meet each other participant, you identify them. If you make positive identification, you place a check mark in the second box at the right of your printout. How do you identify people? That is up to you. Some folks check each other's passport or driver's license, but that means you trust the government to provide positive identification. And who trusts the government anymore these days? Some folks just know each other, or, if they haven't met before the conference, have gotten to know each other well enough to assert that they know who they are. It's really up to you, and if you can't identify the other person to your liking, don't place that checkbox and don't sign their key. 1.#7 After everyone has met everyone else, you should have a list with a bunch of checkmarks in the right columns. Put this list in your pocket. Back in your hotel room, pull out the list, and sign the keys that you gave two checkmarks. Then, upload the signed key to the following two keyservers:

...