> I create for myself a gpg key and want to get it signed More important than whether your certificate gets signed is who signs the certificate, who they are connected to, and so on.
Some people will sign almost anything. People who get a reputation for signing anything develop a reputation for their signatures being meaningless. Some people have very strong requirements before they'll sign. Their signatures are often worth quite a lot of credibility, but good luck getting them. The good news is this *can be done*. I promise. The best thing you can do right now is to get involved in the community. Get engaged in the mailing lists (here, PGP-Basics, Enigmail-Users are three good ones). And when you post, sign your messages. Over time people will come to trust that your signature connects to the real you, even if they can't promise that your name really is David Niklas, or can't say what you look like. Once you've got a couple of years' track record of consistently using the same certificate, consistently contributing to mailing lists and FOSS projects, consistently being part of the solution and not part of the problem ... I promise, you'll find people who are willing to vouch for you. There is no quick way, no shortcut. But I think you'll find that although it takes a while, it isn't hard, either. :) > Now, I'm a student (think penny less), and live in a rural area 100mi > from the nearest LUG and people out here are _very_ computer illiterate > to the point where educated people think that turning a computer off > will damage it, or that the computer loses power (1GHz becomes .2GHZ), > as it grows older. I grew up on a farm in the middle of nowhere. I know *exactly* what that's like. > I want to develop FOSS and feel obligated to get a key to protect uses > of the software I'm modifying from MITM attacks. So, first, host your software publicly, somewhere that it's easy to find. GitHub works great, but there are a lot of options. On whatever page you use for your FOSS work, put a notice that says "My GnuPG certificate is 0xDEADBEEFDECAFBAD, and you can download signatures for all the tarballs over here." It works. Seriously. :) Welcome to the community!
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
