testing my pgp/introducing myself
Stuart Ellis
stuart at elsn.org
Sat May 6 13:56:08 UTC 2006
On Sat, 2006-05-06 at 14:48 +0100, Stuart Ellis wrote:
> On Fri, 2006-05-05 at 03:27 -0500, Patrick W. Barnes wrote:
> > On Thursday 04 May 2006 21:59, Karsten Wade <kwade at redhat.com> wrote:
> > >
> > > Missed opportunity at the last FUDCon for a keysigning. Why don't we
> > > care about those anymore? Don't we need a strong web of trust for
> > > Fedora keys to mean anything themselves?
> > >
> > > Is there any way we can do keysigning parties not in person? For
> > > example ...
> > >
> > > Okay, I started to write out a process that included pictures of
> > > ourselves signed and encrypted and verified ... and it was crazier than
> > > ever.
> > >
> > > Anyone want to start a Fedora Keys SIG that works to get _everyone_ to
> > > pause for a keysigning wherever two Fedorans meet in the meat?
> > >
> >
> > Others may have a different view, but I don't see meeting in person as a
> > requirement for trust among Fedora contributors. The real purpose of
> > requiring face-to-face contact is to allow identities to be verified. Since
> > we are identified to each other by our contributions, we have less of a need
> > to attach a GPG key to a face and more need to attach a GPG key to a
> > contributor identity.
>
> +1. Many Fedora contributors may not be able to meet others
> physically...though we do access the same Project services via online
> identities, so perhaps Project people or systems could serve as trusted
> third-parties in some fashion...
>
> > This can be accomplished through regular usage of
> > keys. For example, since I always sign my messages, and you can be
> > reasonably sure of my contributor identity, you can infer that it is safe to
> > trust the key that I regularly sign with.
>
> Lots of the bits that make up a contributor identity are listed on
> personal Wiki pages, or in the accounts system... Random thought: The
> CLA agreement has to be GPG signed, and the accounts system provides a
> list of contributors. Does the database behind the accounts system store
> anything relating to GPG?
In answer to my own question: Yes, you can find out a particular
contributor's GPG key ID from the accounts Web interface by selecting a
group, "Show all" to list the accounts, and clicking the username of
that contributor.
--
Stuart Ellis
stuart at elsn.org
Fedora Documentation Project: http://fedora.redhat.com/projects/docs/
GPG key ID: 7098ABEA
GPG key fingerprint: 68B0 E291 FB19 C845 E60E 9569 292E E365 7098 ABEA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-docs-list/attachments/20060506/e6ef2e76/attachment.sig>
More information about the fedora-docs-list
mailing list