On Fri, Aug 24, 2012 at 11:39:03PM -0700, Konstantin Ryabitsev wrote: > 6. When you get back to your laptop, run "gpg --sign-key [keyid]" for > all the people marked "X" on your worksheet. The key id is the last 8 > chars of the fingerprint smushed together. [***] If a person has > multiple fingerprints, sign all their keys.
Well, this can be made to work, but it's a bit clumsy. People will be verifying their fingerprint against the sha of the keyring. The pdf file isn't trusted (although each person could verify it, if desired). This means that each person I want to sign, I have to assure that their signature matches the one in the signed keyring, and to make the worksheet useful, I have to also verify that the fingerprint on the worksheet matches. Some may find it useful to print out the worksheet themselves along with its hash, and we can verify the sha256 hash of the pdf file. David -- Sent by an employee of the Qualcomm Innovation Center, Inc. The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
