-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/20/2013 09:59 PM, Jeremy Stanley wrote: > On 2013-09-20 14:33:47 +0800 (+0800), Thomas Goirand wrote: >> Has anyone thought about having a PGP key signing party during the >> summit? > [...] > > I'm preparing some documents to help socialize an OpenPGP web of > trust amongst our Release Cycle Management team members, with a hope > of getting a strong set of validated signatures between each of us > while we're in Hong Kong. This documentation will be similar to > (essentially a superset of) the current key signing > recommendations/consensus within the Debian developer community as > well as from some other relevant sources. There are improvements I'm > eager to make to our release processes and automation which will > hinge on a solid web of trust, initially amongst those participating > in release processes (signing git tags, attesting to tarballs and so > on) but ultimately strengthened by extending that trust throughout > the contributor base and our downstream consumers. > > My current goal is to organize an official key-signing party for the > entire community at the "J" summit--but I expect it to be a fairly > large event and would want a time slot for it which didn't overlap > with any design sessions--so we'll need to plan it fairly far in > advance. I still intend to have key management and key signing > recommendations published for the benefit of the OpenStack developer > community in the coming weeks (in time for the Icehouse summit in > Hong Kong), and encourage people to validate and sign each other's > keys at any opportunity. I personally will be happy to make time > between sessions and at evening events to exchange key fingerprints > and show/check passports with anyone who is interested, and hope > others will do the same.
Hi Jeremy, I would suggest that you get in touch with DKG (hereby, CC:-ed), who is the pgp person normally organizing the key-signing events at Debconf. I am sure he will be able to point out the relevant documents explaining how this should work. Thomas Goirand (zigo) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Icedove - http://www.enigmail.net/ iEYEARECAAYFAlI9RikACgkQl4M9yZjvmkm60gCg4eWAm1o61IdKw5g2f5ZqoSKh 5CYAn1Pjk9G83SqjrqfqzfZZ5tCzEyAA =m/0R -----END PGP SIGNATURE----- _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
