[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20120826074802.GB23985@codeaurora.org>
Date: Sun, 26 Aug 2012 00:48:02 -0700
From: David Brown <davidb@...eaurora.org>
To: Konstantin Ryabitsev <mricon@...nel.org>
Cc: ksummit-2012-discuss@...ts.linux-foundation.org,
linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [Ksummit-2012-discuss] Pubring and instructions for the KS 2012
keysigning
On Fri, Aug 24, 2012 at 11:39:03PM -0700, Konstantin Ryabitsev wrote:
> 6. When you get back to your laptop, run "gpg --sign-key [keyid]" for
> all the people marked "X" on your worksheet. The key id is the last 8
> chars of the fingerprint smushed together. [***] If a person has
> multiple fingerprints, sign all their keys.
Well, this can be made to work, but it's a bit clumsy. People will be
verifying their fingerprint against the sha of the keyring. The pdf
file isn't trusted (although each person could verify it, if desired).
This means that each person I want to sign, I have to assure that
their signature matches the one in the signed keyring, and to make the
worksheet useful, I have to also verify that the fingerprint on the
worksheet matches.
Some may find it useful to print out the worksheet themselves along
with its hash, and we can verify the sha256 hash of the pdf file.
David
--
Sent by an employee of the Qualcomm Innovation Center, Inc.
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists