Re: [Debconf-discuss] Last call for keys for keysigning in Cape Town, South Africa

2016-06-13 Thread Aníbal Monsalve Salazar
On Mon, 2016-06-13 20:29:51 +1000, Aníbal Monsalve Salazar wrote:
> DebConf16: Last Call for keys for keysigning in Cape Town, South
> Africa
>
> As part of the 17th Debian Conference in Cape Town, South Africa
> there will be OpenPGP (pgp/gpg) keysignings. If you intend to
> participate in the DebConf16 keysignings, please send your ascii
> armored public key as explained at [0] no later than 23:59
> UTC/GMT/Zulu on Tuesday 21 June 2016.
>
> Please note the new date. You have a week to send your key.
>
> More (and up-to-date) information is available at [0], so keep
> watching it.
>
> If you sent your key and it's not listed at [1] please resend it.
>
> There was detected a short key ID attack, with the same user IDs.
> Please be very careful when you sign keys.
>
> Currently, I have 62 keys listed at [1]:
>
>     1 ed25519
>     1 rsa3072
>    60 rsa4096
>
> If you have an ed25519 key and would like to include it in the DC16
> keyring, send me a signed message with its fingerprint.

I will need the corresponding public key as you may not be able
to upload an ed25519 key to a keyserver.

> If you don't have an ed25519 key and would like to create your own
> ECC key (not the ones recommended by NIST, which may have NSA
> backdoors [2]), please read the information by NIIBE Yutaka at [3].
>
> [0] https://people.debian.org/~anibal/ksp-dc16/ksp-dc16.html
> [1] https://people.debian.org/~anibal/ksp-dc16/names.html
> [2] https://en.wikipedia.org/wiki/Elliptic_curve_cryptography#Applications
> [3] http://www.gniibe.org/memo/software/gpg/keygen-25519.html
>
> If you have questions please send them to the mailing list at
> debconf-discuss@lists.debconf.org.  If you don't want to post to the
> mailing list, send your questions to ani...@debian.org,
> d...@debian.org and jul...@debian.org.


___
Debconf-discuss mailing list
Debconf-discuss@lists.debconf.org
http://lists.debconf.org/mailman/listinfo/debconf-discuss
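
The announcement above warns of a short key ID attack using the same user IDs. As an added example (not from the thread and not GnuPG's own code), this Python script groups keys by the last 8 hex digits of their fingerprint and reports any group that holds different fingerprints. The listing is a constructed sample in the colon-delimited shape of `gpg --with-colons --fingerprint`, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample shaped like `gpg --with-colons --fingerprint` output.
# Fingerprints and user IDs are made up; field 10 holds the fpr/uid value.
SAMPLE_LISTING = """\
pub:-:4096:1:AAAA0000DEADBEEF:1420070400:::-:::scESC:
fpr:::::::::AAAA0000AAAA0000AAAA0000AAAA0000DEADBEEF:
uid:-::::1420070400::::Alice Example <alice@example.org>:
pub:-:4096:1:BBBB1111DEADBEEF:1465776000:::-:::scESC:
fpr:::::::::BBBB1111BBBB1111BBBB1111BBBB1111DEADBEEF:
uid:-::::1465776000::::Alice Example <alice@example.org>:
pub:-:4096:1:CCCC22220BADF00D:1420070400:::-:::scESC:
fpr:::::::::CCCC2222CCCC2222CCCC2222CCCC22220BADF00D:
uid:-::::1420070400::::Bob Example <bob@example.org>:
"""


def parse_keys(listing):
    """Return one {'fpr': ..., 'uids': [...]} dict per primary key."""
    keys, current = [], None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            current = {"fpr": None, "uids": []}
            keys.append(current)
        elif f[0] == "sub":
            current = None  # subkey fingerprints are not compared here
        elif current is not None and len(f) > 9:
            if f[0] == "fpr" and current["fpr"] is None:
                current["fpr"] = f[9].upper()
            elif f[0] == "uid":
                current["uids"].append(f[9])
    return [k for k in keys if k["fpr"]]


def short_id_collisions(keys):
    """Map each colliding short key ID to its fingerprints and shared UIDs."""
    by_short = defaultdict(list)
    for key in keys:
        by_short[key["fpr"][-8:]].append(key)  # short ID = last 32 bits
    report = {}
    for short_id, group in by_short.items():
        fprs = sorted({k["fpr"] for k in group})
        if len(fprs) > 1:  # same short ID, different keys
            shared = set.intersection(*(set(k["uids"]) for k in group))
            report[short_id] = {"fingerprints": fprs,
                                "shared_uids": sorted(shared)}
    return report


if __name__ == "__main__":
    hits = short_id_collisions(parse_keys(SAMPLE_LISTING))
    for short_id, hit in hits.items():
        print(f"short key ID {short_id} is shared by:")
        for fpr in hit["fingerprints"]:
            print("  " + fpr)
        print("  user IDs present on every colliding key:", hit["shared_uids"])
```

A hit with a non-empty `shared_uids` list matches the situation described in the announcement: compare the full fingerprint against the one the key owner hands you in person before signing.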


[Debconf-discuss] chip-and-pin ATM cards at South Africa ATMS

2016-06-13 Thread shirish शिरीष
Hi all,

Few weeks back, I had applied for international debit card. Soon I got
one. Reading the literature which came with the card, came to know
that the card works on magnetic strip technology when used
domestically and uses chip-and-pin or Online Debit System as shared in
https://en.wikipedia.org/wiki/Debit_card

Now I don't know about South Africa, but in India there are still a
majority of ATM's who only use the magnetic strip for authentication
purposes and haven't moved on to the more supposedly secure system of
chip-and-pin/Online Debit System as is supposedly the case in Europe
and States.

Can somebody share if they know what the situation in South Africa
about the above ?

-- 
  Regards,
  Shirish Agarwal  शिरीष अग्रवाल
  My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
EB80 462B 08E1 A0DE A73A  2C2F 9F3D C7A4 E1C4 D2D8


Re: [Debconf-discuss] chip-and-pin ATM cards at South Africa ATMS

2016-06-13 Thread Stefano Rivera
Hi shirish (2016.06.13_17:41:17_+0200)
> Few weeks back, I had applied for international debit card.

Your normal debit card isn't usable abroad? Generally debit cards are
Visa / MasterCard, these days, and work in foreign countries.

The common exception is online purchases that can require cards from the
country the merchant is in, for fraud control.

That said, sometimes some cards don't work in foreign ATMs, and others
do. I often have to try a couple before I find a combination that works.

> Soon I got one. Reading the literature which came with the card, came
> to know that the card works on magnetic strip technology when used
> domestically and uses chip-and-pin or Online Debit System as shared in

I believe the type of card (mag stripe vs EMV chip and pin) is orthogonal to
the online/offline payment authorization. Generally debit cards require
online authorization.

Credit cards can often be used offline. But very few merchants seem to
do that, these days.

> Now I don't know about South Africa, but in India there are still a
> majority of ATM's who only use the magnetic strip for authentication
> purposes and haven't moved on to the more supposedly secure system of
> chip-and-pin/Online Debit System as is supposedly the case in Europe
> and States.

I assume an ATM that uses the EMV chip on a card will fall back to the
magstripe if the chip isn't present.

Most ATMs capture the card, and it's impossible to know how it is
reading the card.

South African banks have been issuing cards with chip and pin for many
years now, and most payments use chip and pin.

But many foreigners (particularly Americans) still have mag stripe based
cards, and merchants can usually handle them without any trouble.

SR

-- 
Stefano Rivera
  http://tumbleweed.org.za/
  +1 415 683 3272


Re: [Debconf-discuss] Last call for keys for keysigning in Cape Town, South Africa

2016-06-13 Thread Gunnar Wolf
Aníbal Monsalve Salazar wrote [Mon, Jun 13, 2016 at 09:36:50PM +1000]:
> >(...)
> > Currently, I have 62 keys listed at [1]:
> >
> >     1 ed25519
> >     1 rsa3072
> >    60 rsa4096
> >
> > If you have an ed25519 key and would like to include it in the DC16
> > keyring, send me a signed message with its fingerprint.
> 
> I will need the corresponding public key as you may not be able
> to upload an ed25519 key to a keyserver.
> 
> > If you don't have an ed25519 key and would like to create your own
> > ECC key (not the ones recommended by NIST, which may have NSA
> > backdoors [2]), please read the information by NIIBE Yutaka at [3].

Please also do note that the Debian infrastructure is not able to
handle ECC keys yet, and won't be for a couple of years; of course, if
you want to start building trust around your ED25519 key, we can start
signing it, but it will not be usable as your key for Debian work in a
long time.




Re: [Debconf-discuss] Last call for keys for keysigning in Cape Town, South Africa

2016-06-13 Thread shirish शिरीष
Hi all,

I have a query -

While I understand the web of trust which is one of the major parts of
keysigning and the process is detailed at
https://www.debian.org/events/keysigning . Where it fails me is that
WoT has little or no value to a person who doesn't want or have any
uploading rights to the debian archive.

The only argument given for WoT for non-technical people is the case
where you need to prove your electronic identity to another entity
who's also unknown but you need to prove your identity as Jacob
Appelbaum is shown doing in citizenfour but such instances are pretty
rare.

Is there any other compelling reason for non-technical, contributors
having no upload rights to use WoT , apart from being part of an
awesome developer's key  ?

-- 
  Regards,
  Shirish Agarwal  शिरीष अग्रवाल
  My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
EB80 462B 08E1 A0DE A73A  2C2F 9F3D C7A4 E1C4 D2D8


Re: [Debconf-discuss] Last call for keys for keysigning in Cape Town, South Africa

2016-06-13 Thread Steven Chamberlain
Hi,

shirish शिरीष wrote:
> Is there any other compelling reason for non-technical, contributors
> having no upload rights to use WoT , apart from being part of an
> awesome developer's key  ?

In the reverse direction:  meeting developers who are in the WoT and
receiving their key fingerprint in person, allows you to verify GPG
signatures on software releases or install media.

You can't really be sure anything is legitimate until you have verified
one or more developers' fingerprints with a trust path to the archive or
release-signing key.

For this reason it is good to have cross-signatures between developers
in isolated regions, especially if one's access to software or the
Internet is subject to censorship or deliberate tampering.

Regards,
-- 
Steven Chamberlain
ste...@pyro.eu.org




Re: [Debconf-discuss] Trip to Addo after Debconf

2016-06-13 Thread Dieter Adriaenssens
2016-06-11 19:42 GMT+02:00 Aigars Mahinovs :

> On Sat, Jun 11, 2016 at 6:16 PM Dieter Adriaenssens <
> dieter.adriaenss...@gmail.com> wrote:
>
>> Did you make arrangements yet : car rental, accommodation?
>>
> I have rented a car from 10th to 15th at Cape Town Airport. I am guessing
> that as winter is off-season, hotel/hostel/naturepark bookings can be done
> later too.
>

So that leaves 5-6 days to drive to Addo and back, which should be plenty
of time to visit the park, and a lot of amazing views along the way :
Garden route, Swartberg pass (between Prins Albert and Oudtshoorn), and
probably much more (there are plenty of national parks around).
What planning did you have in mind? I guess 1-2 days to drive to Addo, 1-2
days to visit the park and 1-2 days to return to Cape Town should leave
enough time to see a lot.

Just wondering : Do you have an interest in hiking or rock climbing?


-- 
Kind regards,

Dieter Adriaenssens


Re: [Debconf-discuss] Trip to Addo after Debconf

2016-06-13 Thread Stefano Rivera
Hi Dieter (2016.06.13_21:18:06_+0200)
> Swartberg pass (between Prins Albert and Oudtshoorn)

Highly recommended. The Meiringspoort on the other side of Prins Albert
is also worth a visit (and in the summer, it has some nice swimming).

If you have the time, the road from Calitzdorp to the Swartberg pass
(through Groenfontein) is absolutely spectacular. But will take half a
day to drive.

I have always organised accommodation in Prins Albert through some
family friends who live there http://www.princealbertcountrystay.com/

SR

-- 
Stefano Rivera
  http://tumbleweed.org.za/
  +1 415 683 3272


[Debconf-discuss] status of the showmebox initiative ?

2016-06-13 Thread shirish शिरीष
Hi all,

Just wanted to know what is the status quo of the showmebox
initiative that Bernelle had. Has there been any participation either
locally or internationally for the showmebox initiative or has this
been deferred ?

I ask as I saw https://wiki.debconf.org/wiki/DebConf16/DebianDay and
https://wiki.debconf.org/wiki/DebConf16/DebianDay_Hardware and neither
of the two mention the showmebox initiative anywhere.

If there is or has been participation, please let me know and put it
up on either of the two wikis which will also inspire/goad me into
getting in touch with the open data folks and trying to get them to
contribute some small/big visualization for the initiative.

Looking forward to know.

-- 
  Regards,
  Shirish Agarwal  शिरीष अग्रवाल
  My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
EB80 462B 08E1 A0DE A73A  2C2F 9F3D C7A4 E1C4 D2D8


Re: [Debconf-discuss] Last call for keys for keysigning in Cape Town, South Africa

2016-06-13 Thread Gunnar Wolf
shirish शिरीष wrote [Mon, Jun 13, 2016 at 05:51:59PM +]:
> Hi all,
> 
> I have a query -
> 
> While I understand the web of trust which is one of the major parts of
> keysigning and the process is detailed at
> https://www.debian.org/events/keysigning . Where it fails me is that
> WoT has little or no value to a person who doesn't want or have any
> uploading rights to the debian archive.
> 
> The only argument given for WoT for non-technical people is the case
> where you need to prove your electronic identity to another entity
> who's also unknown but you need to prove your identity as Jacob
> Appelbaum is shown doing in citizenfour but such instances are pretty
> rare.
> 
> Is there any other compelling reason for non-technical, contributors
> having no upload rights to use WoT , apart from being part of an
> awesome developer's key  ?

One reason is to make the WoT a more widely known and used issue. I
know (too!) many security-conscious people who have a GPG key and
insist on the value of encrypting mail, but who are oblivious to the
fact that as long as their identity is not verifiable, their encrypted
mails are perfectly subject to Man-in-the-Middle attacks. PGP-like
systems without a WoT is a nice idea, but a far shot from the whole
shebang.

Second, if you attend DebConf and are not a DD/DM, you might very
probably be interested in eventually becoming one. If six months from
now you decide to start the process, but don't have a signed key, you
will have a setback to begin your process. And, speaking as somebody
living >1000Km from the closest DD¹, that is not always easy to
arrange.

¹ Well, there is one temporarily living in Mexico City, but I've been a
  lonely DD for a long time...

(of course, as a far-away DD, and as one of the keyring-maint team
members, I'm more sensibilized to these issues than many others)




Re: [Debconf-discuss] status of the showmebox initiative ?

2016-06-13 Thread Bernelle Verster
Hi Shirish

On Mon, Jun 13, 2016 at 11:04 PM, shirish शिरीष  wrote:
> Hi all,
>
> Just wanted to know what is the status quo of the showmebox
> initiative that Bernelle had. Has there been any participation either
> locally or internationally for the showmebox initiative or has this
> been deferred ?
>
> I ask as I saw https://wiki.debconf.org/wiki/DebConf16/DebianDay and
> https://wiki.debconf.org/wiki/DebConf16/DebianDay_Hardware and neither
> of the two mention the showmebox initiative anywhere.
>
> If there is or has been participation, please let me know and put it
> up on either of the two wikis which will also inspire/goad me into
> getting in touch with the open data folks and trying to get them to
> contribute some small/big visualization for the initiative.

The ShowMeBox is doing well under development, but we are moving it to
a more long term project. Due to lack of time and resources we decided
not to do a dedicated initiative at DebConf. I did ask Graham (ginggs)
who is involved to have a table and hack away at it during Open
Weekend, and if you want to source some visualisation data to play
with, you are very welcome. The focus is now shifting to use DebConf
to let people know about this open hardware / visualisation project.

You can see discussions on the mailing list archive:
http://lists.alioth.debian.org/pipermail/showme-devel/

and this link is on the wiki: https://wiki.debian.org/ShowMeBox

I am in the process of updating the wiki and content for the main
website regarding the Open Weekend.

>
> Looking forward to know.
>
> --
>   Regards,
>   Shirish Agarwal  शिरीष अग्रवाल
>   My quotes in this email licensed under CC 3.0
> http://creativecommons.org/licenses/by-nc/3.0/
> http://flossexperiences.wordpress.com
> EB80 462B 08E1 A0DE A73A  2C2F 9F3D C7A4 E1C4 D2D8


Re: [Debconf-discuss] Last call for keys for keysigning in Cape Town, South Africa

2016-06-13 Thread gustavo panizzo (gfa)
On Mon, Jun 13, 2016 at 12:24:42PM -0500, Gunnar Wolf wrote:
> Aníbal Monsalve Salazar wrote [Mon, Jun 13, 2016 at 09:36:50PM +1000]:
> > >(...)
> > > Currently, I have 62 keys listed at [1]:
> > >
> > >     1 ed25519
> > >     1 rsa3072
> > >    60 rsa4096
> > >
> > > If you have an ed25519 key and would like to include it in the DC16
> > > keyring, send me a signed message with its fingerprint.
> > 
> > I will need the corresponding public key as you may not be able
> > to upload an ed25519 key to a keyserver.
> > 
> > > If you don't have an ed25519 key and would like to create your own
> > > ECC key (not the ones recommended by NIST, which may have NSA
> > > backdoors [2]), please read the information by NIIBE Yutaka at [3].
> 
> Please also do note that the Debian infrastructure is not able to
> handle ECC keys yet, and won't be for a couple of years; of course, if
> you want to start building trust around your ED25519 key, we can start
> signing it, but it will not be usable as your key for Debian work in a
> long time.

Would make sense to have ed25519 subkey(s) under an RSA master key?


-- 
1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333

keybase: http://keybase.io/gfa