[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: testing my pgp/introducing myself



On Sat, 2006-05-06 at 14:48 +0100, Stuart Ellis wrote:
> On Fri, 2006-05-05 at 03:27 -0500, Patrick W. Barnes wrote:
> > On Thursday 04 May 2006 21:59, Karsten Wade <kwade redhat com> wrote:
> > >
> > > Missed opportunity at the last FUDCon for a keysigning.  Why don't we
> > > care about those anymore?  Don't we need a strong web of trust for
> > > Fedora keys to mean anything themselves?
> > >
> > > Is there any way we can do keysigning parties not in person?  For
> > > example ...
> > >
> > > Okay, I started to write out a process that included pictures of
> > > ourselves signed and encrypted and verified ... and it was crazier than
> > > ever.
> > >
> > > Anyone want to start a Fedora Keys SIG that works to get _everyone_ to
> > > pause for a keysigning wherever two Fedorans meet in the meat?
> > >
> > 
> > Others may have a different view, but I don't see meeting in person as a 
> > requirement for trust among Fedora contributors.  The real purpose of 
> > requiring face-to-face contact is to allow identities to be verified.  Since 
> > we are identified to each other by our contributions, we have less of a need 
> > to attach a GPG key to a face and more need to attach a GPG key to a 
> > contributor identity.  
> 
> +1. Many Fedora contributors may not be able to meet others
> physically...though we do access the same Project services via online
> identities, so perhaps Project people or systems could serve as trusted
> third-parties in some fashion...
> 
> > This can be accomplished through regular usage of 
> > keys.  For example, since I always sign my messages, and you can be 
> > reasonably sure of my contributor identity, you can infer that it is safe to 
> > trust the key that I regularly sign with.  
> 
> Lots of the bits that make up a contributor identity are listed on
> personal Wiki pages, or in the accounts system... Random thought: The
> CLA agreement has to be GPG signed, and the accounts system provides a
> list of contributors. Does the database behind the accounts system store
> anything relating to GPG?

In answer to my own question: Yes, you can find out a particular
contributor's GPG key ID from the accounts Web interface by selecting a
group, "Show all" to list the accounts, and clicking the username of
that contributor.

-- 

Stuart Ellis

stuart elsn org

Fedora Documentation Project: http://fedora.redhat.com/projects/docs/

GPG key ID: 7098ABEA
GPG key fingerprint: 68B0 E291 FB19 C845 E60E  9569 292E E365 7098 ABEA

Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]