Versions Compared

Old Version 56

changes.mady.by.user ASF Infrabot

Saved on

compared with

New Version 57

changes.mady.by.user ASF Infrabot

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: [Original edit by JeanFredericClere]

We will have a PGP Key Signing at the ApacheCon EUrope 2015 North America 2016 conference. It will happen Thursday, October 1 8:00-8:30pm in the Lehar Room in Corinthia HotelTO_BE_DONE.

Note that this event is usually hosted by Sander Temme, but it is hosted by Jean-Frederic this time. The procedure will remain the same, so as this wiki page except for this difference.

A GPG keyring with all the public keys on the key list will be posted at http://people.apache.org/~jfclere/2015EUKeyring2016NAKeyring/ once keys are collected.

Remember: you can always sign keys individually throughout the conference. Feel free to ask around: if you meet other people from your project in person, they often will be willing to sign keys. Some people print up simple business cards or small slips of paper with their name, email, and PGP key fingerprints to pass out.

...

  • E-mail your key to Jean-Frederic at * apachecon-keysigning@apache.org* as soon as possible, but definitely before Thursday, October 1 noon TO_BE_DONE because after that time I'm going to compile the list. To get your key in emailable form use (PGP works similarly): $ gpg --armor -export KEY_ID > mykey$USER.asc Then just copy and paste the contents of mykey.asc in an e-mail to me. The key list, and a PGP (or GnuPG) keyring export will be available for your convenience at the following URL: http://people.apache.org/~jfclere/2015EUKeyring2016NAKeyring/

The PGP Keysigning Event

  1. Everybody gets a print-out of the key list. I will make those and have them available.
  2. The key entries on the printout are numbered. All participants line up in the order of their keys.
  3. The list will also be on the projection screen (assuming we get a projector, and get it to work in a timely fashion). You verify that your entry on the printout is correct: that the key ID, fingerprint and name + e-mail information match what you submitted. You also verify that your entry on the printout is the same as your entry on the screen.
  4. I will call out the name of each participant, in order. When your name is called, tell all participants loudly whether your information as verified in step 3 is correct. Stand up and wave your arms if you want to, it's very important that the other participants see and hear you assert that this key is yours.
  5. As participants positively verify their information, check whether their entry on the screen matches their entry on your printout. If so, you can place a check mark in the first of the two boxes at the right of your printout. Why do we do this? To make sure we all have the same list, and that the list is correct. You are verifying that I didn't make any mistakes compiling the list, or that I didn't nefariously doctor anyone's key.
  6. Once everyone's key data has been verified, the fun part starts. Everybody gets up, and forms a line in the order in which you appear on the list. Once the line is formed, we'll double it: the first person in the line walks past the line until he or she ends up next to the last person, and everyone follows until we have a double line, half as long. Then, everyone makes a quarter turn so that they face the person next to them rather than the back of the person in front.
  7. Now, everyone in the line is going to identify every other participant. Start with the person standing (conveniently) right in front of you, then move one person to the right and repeat until you have met everyone in line. The line will fold upon itself in caterpillar fashion: once you reach the end just turn around and start going to the other side (the next person you "meet" will be your neighbour). As you make positive identification of a person, you place a check mark on their line in the second box at the right of your printout. How do you identify people? That is up to you. Some folks check each other's passport or driver's license, but that means you trust the government to provide positive identification. And who trusts the government anymore these days? Some folks just know each other, or, if they haven't met before the conference, have gotten to know each other well enough to assert that they know who they are. It's really up to you, and if you can't identify the other person to your liking, don't place that checkbox and don't sign their key.
  8. After everyone has met everyone else, you should have a list with a bunch of checkmarks in the right columns. Put this list in your pocket. Back in your hotel room, pull out the list, and sign the keys that you gave two checkmarks. Then, upload the signed key to the following two keyservers:
    • pgpkeys.mit.edu
    • minsky.surfnet.nl
      Then, send the owner of the key a signed, encrypted e-mail telling them that you have signed their key. Hopefully they will do you the same favor.

...