[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Ghm-discuss] Last chance to participate in keysigning
|
From: |
beuc |
|
Subject: |
Re: [Ghm-discuss] Last chance to participate in keysigning |
|
Date: |
Fri, 8 Aug 2014 21:44:41 +0200 |
|
User-agent: |
Mutt/1.5.21 (2010-09-15) |
Hi,
I didn't receive any confirmation that my key was taken into account
(I sent it a while ago now), and you mention that the keyring will be
finalized after the August 10 dead-line, so... Is there a way to
ensure everything's OK ? :)
- Sylvain
On Fri, Aug 08, 2014 at 12:38:13PM +0200, address@hidden wrote:
> [ You are receiving this email because you have registered to attend
> the GNU Hackers' Meeting in August 2014. ]
>
> At GHM 2014, like last year, there will be a keysigning party.
> We will use the Sassaman-Efficient method. See
> http://www.keysigning.org/methods/sassaman-efficient
> The keyring will be finalised and published next week.
> If you want to participage you must submit your key
> NO LATER THAN Sunday 10 August 2014
> Participation, is of course optional, but highly recommended.
>
> Why would I want to participate?
> ================================
>
> Two possible reasons: a) to get your GPG key signed by others; b) to
> verify the keys of other participants.
>
> Why would I want my key to be signed?
> =====================================
>
> Having your key signed by as many people as possible makes it harder
> for people to impersonate you on the internet.
>
> Why would I want to sign other people's keys?
> =============================================
>
> If you have signed the key of another person, then when you receive
> a signed email from that person, you know it really is from him/her
> and has not been altered. Also, GNU Projects use the developers' key
> to sign the source tarballs. Thus, when you download GNU software and
> you have signed the developers' key, you can be certain that the
> package has not been tampered with.
>
> How do I participate?
> =====================
>
> If you wish to participate in the keysigning, email your ascii
> armoured public key to address@hidden with the subject "KEYSIGNING"
> You must do this NO LATER THAN Sunday 10 August 2014 !!!!!!!!
> Use the command:
>
> gpg --armor --export substitute-your-key-id | mail -s "KEYSIGNING"
> address@hidden
>
> (You can find your own key using the command: gpg --list-secret-keys)
>
> A week before the event, we will publish the list of keys and the SHA1
> and MD5 checksums. You should print out the list, and verify the
> checksum of your own key, and the checksum of the list. Then bring
> that list with you, having first physically signed or otherwise
> marked all pages such that you will know they have not been substituted.
>
> You should also bring with you a recognised form of government issued
> photographic identification (eg: passport, government identity card, etc).
>
> One aspect of this method which is often misunderstood, is that it is
> essential that the participants bring their *own* printed copy of the list.
> THERE WILL BE NO COPIES DISTRIBUTED AT THE MEETING. To do so would
> defeat its purpose.
>
> What the hell is a GPG key? I don't understand any of the above.
> ================================================================
>
> GPG is the GNU Privacy Guard. It is one measure of defence against
> spying on the internet (by government bodies or anyone else). It
> helps defend yourself against viruses, spywarem, faked email and other
> attacks.
>
> If you haven't got a GPG key, you can create your own. Find out how
> to do this at https://gnupg.org/gph/en/manual.html
>
>
> We look forward to meeting you at GHM 2014!