On 2013-09-20 14:33:47 +0800 (+0800), Thomas Goirand wrote: > Has anyone thought about having a PGP key signing party during the > summit? [...]
I'm preparing some documents to help socialize an OpenPGP web of trust amongst our Release Cycle Management team members, with a hope of getting a strong set of validated signatures between each of us while we're in Hong Kong. This documentation will be similar to (essentially a superset of) the current key signing recommendations/consensus within the Debian developer community as well as from some other relevant sources. There are improvements I'm eager to make to our release processes and automation which will hinge on a solid web of trust, initially amongst those participating in release processes (signing git tags, attesting to tarballs and so on) but ultimately strengthened by extending that trust throughout the contributor base and our downstream consumers. My current goal is to organize an official key-signing party for the entire community at the "J" summit--but I expect it to be a fairly large event and would want a time slot for it which didn't overlap with any design sessions--so we'll need to plan it fairly far in advance. I still intend to have key management and key signing recommendations published for the benefit of the OpenStack developer community in the coming weeks (in time for the Icehouse summit in Hong Kong), and encourage people to validate and sign each other's keys at any opportunity. I personally will be happy to make time between sessions and at evening events to exchange key fingerprints and show/check passports with anyone who is interested, and hope others will do the same. -- Jeremy Stanley
signature.asc
Description: Digital signature
_______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
