[Seth-Trips] [evan@debian.org: ANNOUNCEMENT: Bay Area Debian Get-Together and Key-signing Party]
Seth David Schoen
schoen at loyalty.org
Wed Jul 11 11:33:30 PDT 2001
I am definitely going to this.
If you have a PGP or GNU key that you would like to get signed by a
number of Debian developers, including some well-connected people in
the web of trust, you should send the key ID and fingerprint to Evan,
and then show up in person at the party. You could also come if you
want to eat Laval's pizza.
----- Forwarded message from Evan Prodromou <evan at debian.org> -----
To: bad at bad.debian.net
Subject: ANNOUNCEMENT: Bay Area Debian Get-Together and Key-signing Party
From: Evan Prodromou <evan at debian.org>
Date: 08 Jul 2001 21:27:48 -0700
BAY AREA DEBIAN GET-TOGETHER AND KEY-SIGNING PARTY
--------------------------------------------------
Wednesday, 11 Jul 2001, 7:30PM
Laval's Pizza, 1834 Euclid Ave., Berkeley CA 94709.
Once again, Debian maintainers, Debian admins, Debian advocates,
Debian users -- in fact, most of the people in the Bay Area who can
correctly pronounce "Debian" -- will be converging on a Bay Area
restaurant-slash-bar for sustenance, conviviality, and mutual trust.
This month's meet is at Laval's Pizza, on Berkeley's North Side,
immediately North (ish) of UC on Euclid Ave. We'll be doing a
key-signing and discussing the possibility of doing a collaborative
big B.A.D. bug-squash meeting for this weekend's Debian Bug Squash.
Laval's is a healthy 6- to 8-block walk from Berkeley BART station,
has good pizza, and big tables. B.A.D. parties have been a SUPERBLAST
so far, and this one should be no different. I highly recommend
everyone's presence for this excellent event.
THE KEY-SIGNING PART
--------------------
If you've never participated in a key-signing party before, it's pretty
fun, and it can really expand your Web of Trust. Also, signed keys are
required for New Maintainers, so NM candidates should definitely make
this party!
I'll be co-ordinating the key-signing. If you have a GnuPG key that you
want signed, please send it to my address (evan at debian.org) before 13
Jun 12:00PM, so I can add it to the keyring to sign.
OK, so, here are the steps for a key-signing party.
BEFORE THE PARTY
0. Generate a GnuPG public key, if you don't already have one. To
understand a little more about GnuPG, please try to skim the GnuPG
privacy handbook, available at
/usr/share/doc/gnupg-doc/GNU_Privacy_Handbook/
after an "apt-get install gnupg-doc", or on the Web at:
http://www.gnupg.org/gph/en/manual.html
1. Send your key to the key-signing party organizer. You can get your
public key out of your keyring by doing a command like this:
gpg --export --armor "your at email.address" > yourname.asc
Then, email yourname.asc to the organizer (evan at debian.org).
Please, don't encrypt the mail you send to the organizer.
2. Print out a copy of your key fingerprint. This is for you to carry
around. You can get a copy of your key fingerprint by doing this:
gpg --fingerprint "your at email.address" > yourname.fp
...and then print yourname.fp out.
3. Make sure you have valid ID, like a passport or driver's license,
that has the same name as on your key.
AT THE PARTY
0. Get a copy of the keyring printout from the organizer.
1. For as many people as you can, do identification (see
below). (We'll probably have a semi-formal, around-the-room session
to do mass identification, which I'll explain at the event. It
worked pretty well last time.)
2. Meet people and have fun.
IDENTIFICATION
Here are the steps that happen when Alice is going to identify Bob.
Alice needs: keyring printout, pencil or pen.
Bob needs: fingerprint printout, ID.
0. Bob presents a picture ID, such as a driver's license or passport.
1. Alice marks on her keyring printout a single check next to Bob's
name, to indicate "identified."
2. Bob reads his fingerprint printout to Alice. Alice follows along
on her keyring printout.
3. If the fingerprint that Bob reads matches the fingerprint Alice has
on her printout, she makes a second check, indicating "fingerprint
matches."
Of course, it's nice if they then switch roles, and Bob identifies
Alice.
AFTER THE PARTY
0. Key signers download the party keyring from the URL I'll publish.
1. For each name on their keyring printout that has two checks
(identified, fingerprint matches), sign that key in the
keyring. For Alice to sign Bob's key, she would do a command like
this:
gpg --keyring /path/to/downloaded-keyring.gpg --sign-key "Bob" --local-user "Alice"
Remember, keep the keyring separate.
(Also, please don't sign keys of people you did not personally
identify. If you don't take this process seriously, you are a weak
link in the Web of Trust. If I see that you signed the key of
someone who wasn't at the event, I won't sign -your- key, and I'll
suggest that others don't, either.)
2. Once all the signatures have been added, send your copy of the
keyring back to the organizer (evan at debian.org). This copy will now
have all your signatures in it. Please return your signatures
within one week (by 20 Jun 2001).
3. The organizer will combine all the signatures together, and make
the new, merged keyring available for download. You can download
this file and then use
gpg --import /path/to/second/downloaded-keyring.gpg
To import all the keys with new signatures on them. Debian
members are encouraged to submit their new signatures to the key
server.
---8<---
Clever readers will note that "THE KEYSIGNING PART" is the same as for
June. Hooray for you! Give yourself a big fat gold star.
~ESP
--
Evan Prodromou
evan at debian.org
_______________________________________________
Bay Area Debian mailing list
Bad at bad.debian.net
http://bad.debian.net/cgi-bin/mailman/listinfo/bad
----- End forwarded message -----
--
Seth David Schoen <schoen at loyalty.org> | And do not say, I will study when I
Temp. http://www.loyalty.org/~schoen/ | have leisure; for perhaps you will
down: http://www.loyalty.org/ (CAF) | not have leisure. -- Pirke Avot 2:5
More information about the Seth-Trips
mailing list