Hi.
Some time ago I wrote a new version of the devel/join/nm-step2 page.
After asking for a first feedback I've forgotten this.
I post the version now a second time for review. I think it is
easier to read and understand than the old one.
I also incorporated the suggestion from Bug#180180: Encourage
applicant to cross-sign DD key
When no one objects I will upload the page in a few days.
Gruesse,
--
*** Frank Lichtenheld <[EMAIL PROTECTED]> ***
*** http://www.djpig.de/ ***
see also: - http://www.usta.de/
- http://fachschaft.physik.uni-karlsruhe.de/#use wml::debian::template title="Step 2: Identification" NOHEADER="true"
#include "$(ENGLISHDIR)/devel/join/nm-steps.inc"
<p>The information on this page, while public, will primarily
be of interest to future Debian developers.</p>
<h2>Step 2: Identification</h2>
<h3>Why GPG?</h3>
<p>Because the <a href="newmaint#Member">Debian members</a> are
located everywhere around the world (see
<a href="../developers.loc">developers locations</a>) and rarely
meet each other personal an alternate method of identification
is necessary. All Debian developers are identified by their
<a href="http://www.gnupg.org";>GPG</a> key. This provides an accurate
method to authenticate messages and other data by signing it. For
more information on GPG keys see the README in the
<code>debian-keyring</code> package.</p>
<h3>Providing a key</h3>
<p>Each <a href="newmaint#Applicant">applicant</a> must provide a
GPG public key. The preferred way to do this is to export it to one of
the <a href="http://wwwkeys.us.pgp.net/";>public key servers</a>.
Public keys can be exported using:</p>
<pre>
gpg --send-key --keyserver <server address> <yourkeyid>
</pre>
<p>Note: There are <a href="nm-amchecklist#gpgversion">known problems</a>
with GPG <= 1.0.1 and ElGamal keys.</p>
<h3>Verification</h3>
<p>Because anyone can upload a public key to the servers it needs
to be verified that the key is the applicants one. There are at least two
ways to do this:</p>
<ol>
<li>
<p>The public key itself can be signed by an other
<a href="newmaint#Member">Debian member</a>. Therefor the
applicant must meet this Debian member personal and must
identify himself (by providing a passport, a drivers license
or some other ID).</p>
<p>This is the preferred way for verification. See below
for more details on <a href="#key_signature">how to get your
key signed</a>. If this method is not applicable because
there is no other Debian developer near the applicant then the
following way is recommended.</p>
</li>
<li>
<p>The applicant can provide a digital image of an ID signed
with his GPG key. This image should be send to his
<a href="newmaint#AppMan">Application Manager (AM)</a>.</p>
<p>It is allowed to hide irrelevant information on the image
for privacy reasons.</p>
</li>
</ol>
<p>If none of this procedures are appropriate for an applicant he can
always work out an other one with his AM as long as the rest of
<a href="newmaint#Committee">the NM-Committee</a> is informed
and agreed to accept it.</p>
<h3><a name="key_signature">How to get your GPG key signed</a></h3>
<p>Announces of key signing parties are usually posted on the
<code>debian-devel</code> mailing list, so check there first.</p>
<p>If you are looking for developers in any specific areas to sign your
GPG public key, the <a href="http://nm.debian.org/gpg.php";>key signing
coordination page</a> may be of help.</p>
<p>You can also send e-mail to <email [EMAIL PROTECTED]> telling
us where you live exactly (plus naming some big cities close to you),
then we can check in the developer database for developers who are
near you.</p>
<p>Once you find someone to sign your key, you should follow the steps
in the <a href="$(HOME)/events/keysigning">Keysigning Mini-HOWTO</a>.</p>
<p>It is recommended that you also sign the Debian Developer's
key. This is not necessary for your ID check but it strengthens the
web of trust.</p>
<hr noshade size=1>
#include "$(ENGLISHDIR)/devel/join/nm-steps.inc"
