[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20131017212211.GA15197@gmail.com>
Date: Thu, 17 Oct 2013 17:22:11 -0400
From: Konstantin Ryabitsev <mricon@...nel.org>
To: ksummit-2013-discuss@...ts.linux-foundation.org,
linux-kernel <linux-kernel@...r.kernel.org>
Subject: Pubring and instructions for the KS 2013 keysigning
Hello, all:
I collected 36 keys from people interested in keysigning at the
Kernel Summit. I have uploaded the fingerprints and the keyring to the
following locations:
https://www.kernel.org/doc/ks/ks2013-fingerprints.txt
https://www.kernel.org/doc/ks/ks2013-keyring.gpg
This is the sha1sum of the keyring:
d9bb4f0519a5453fb445dbdc9e2bfee5b721332b
You can import the keyring using "gpg --import" command.
WARNING: just in case someone jumps the gun -- these fingerprints were
taken at "face value". I DID NO VERIFICATION WHATSOEVER whether these
keys belong to the actual people. DO NOT sign any of these keys
without the verification procedure at the Kernel Summit. My GPG
signature on this email is in no way an endorsement of these keys.
Here's how the procedure will play out:
1. Some time on Thursday during plenary meetings, I will take 5 minutes
of your time to introduce myself and to recite the sha1sum of the
keyring available for download from the link above. People with laptops
capable of downloading the keyring and running "sha1sum" (should be
about 95% of the audience, I think) can validate whether the hash
verifies. Someone from those present who can identify me will state
that I am indeed who I am.
2. I will also make available printed worksheets with people's names
and key fingerprints (or print your own -- see attached).
3. If you are willing to sign people's keys, please obtain from me a
copy of the worksheet, a short pencil, and a spider sticker (because
it's Hallowe'en and they were on sale, plus because it clearly
means "Web of Trust").
a. Affix the spider sicker to your KS badge to indicate that
you're willing to sign keys.
b. Fold the worksheet and keep it in your KS badge.
c. Keep the brass lantern^W^W short pencil in your badge, too.
4. During lunch and later during the day, if someone approaches you
and asks to sign their key:
a. Keep calm and carry on.
b. Locate their name on the worksheet.
c. Ask to see some government-issued ID to verify their identity.
d. Alternatively, ask personal/kernel-related questions which only
that person would be able to answer (see Harry Potter books 6 and 7).
5. If you are comfortable in asserting that the person asking your
signature is who they say they are, put an "X" next to their name on
the worksheet using the pencil provided (or an alternative writing
utensil should there be a dearth of pencils).
6. When you get back to your laptop, run "gpg --sign-key [keyid]" for
all the people marked "X" on your worksheet (assuming you ran "gpg
--import ks2013-keyring.gpg" already). If a person has multiple keys,
sign all of them.
7. Lastly, do "gpg --send-keys [keyid]" to upload the newly signed key
to the keyservers.
If you're attending the Kernel Summit but have not submitted your key in
time -- or, alternatively, if you are attending LCE/CloudOpen but have
not been invited to the KS... do not despair!
Use the following procedure instead:
1. Write out your key on your business card, or
2. Make a QR code of the fingerprint and put it on your phone so
others can scan it (e.g. like this http://goo.gl/xrdHz9, using
this: http://www.unitaglive.com/qrcode).
3. Locate people sporting stylish spider stickers on their badges and ask them to
sign your key. People with stylish spider stickers are likely in the
kernel.org web of trust and have volunteered to participate in
keysigning.
If you have any questions, please let me know.
Best,
--
Konstantin Ryabitsev
Systems Administrator
Linux Foundation, kernel.org
Montréal, Québec
Download attachment "ks2013-worksheet-2x.pdf" of type "application/pdf" (231664 bytes)
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists