[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: testing my pgp/introducing myself

On Thursday 04 May 2006 21:59, Karsten Wade <kwade redhat com> wrote:
> Missed opportunity at the last FUDCon for a keysigning.  Why don't we
> care about those anymore?  Don't we need a strong web of trust for
> Fedora keys to mean anything themselves?
> Is there any way we can do keysigning parties not in person?  For
> example ...
> Okay, I started to write out a process that included pictures of
> ourselves signed and encrypted and verified ... and it was crazier than
> ever.
> Anyone want to start a Fedora Keys SIG that works to get _everyone_ to
> pause for a keysigning wherever two Fedorans meet in the meat?

Others may have a different view, but I don't see meeting in person as a 
requirement for trust among Fedora contributors.  The real purpose of 
requiring face-to-face contact is to allow identities to be verified.  Since 
we are identified to each other by our contributions, we have less of a need 
to attach a GPG key to a face and more need to attach a GPG key to a 
contributor identity.  This can be accomplished through regular usage of 
keys.  For example, since I always sign my messages, and you can be 
reasonably sure of my contributor identity, you can infer that it is safe to 
trust the key that I regularly sign with.  It would be just as easy for 
someone to show up at a FUDCon with an ID card that has my name on it and 
claim to be me for the sake of getting their key signed, and that's why 
face-to-face keysigning parties aren't as useful for Fedora contributors.

Patrick "The N-Man" Barnes
nman64 n-man com



Have I been helpful?  Rate my assistance!

Attachment: pgpQrTjjUPphO.pgp
Description: PGP signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]