...
- Form 2 lines facing each other
- Pair up
- Check + Record:
- See the photo ID of the person opposite you
- See that the person owns the Apache or Github account
- Note down their Apache ID or Github ID
- Show them yours
- Move to the next person, wrapping the line when you reach the end
After the event:
- If Apache Committer get the key from https://people.apache.org/keys/committer/<name> eg https://people.apache.org/keys/committer/nick
- Otherwise get the key from https://github.com/<name.gpg> eg https://github.com/Gagravarr.gpg
- Import the public key with gpg --import thing-you-downloaded.asc
- Copy the Key ID of the key you just added eg 8AAF88D6D84E41AE
- Sign the public key ID with gpg --sign-key key-id-that-was-shown
- eg gpg --sign-key 8AAF88D6D84E41AE
- Push that key to a key server, eg gpg --send-key 8AAF88D6D84E41AE
A few days after the event
Fetch your key back from the key servers, and see lots of new signatures on it!
You will note that we aren't sharing long lists of fingerprints like in past years. We are relying on ASF Infrastructure and Github to handle the secure distribution of the keys, and instead focus on verifying the individual and their ownership of their accounts