On Sat, 2006-05-06 at 14:48 +0100, Stuart Ellis wrote: > On Fri, 2006-05-05 at 03:27 -0500, Patrick W. Barnes wrote: > > On Thursday 04 May 2006 21:59, Karsten Wade <kwade@xxxxxxxxxx> wrote: > > > > > > Missed opportunity at the last FUDCon for a keysigning. Why don't we > > > care about those anymore? Don't we need a strong web of trust for > > > Fedora keys to mean anything themselves? > > > > > > Is there any way we can do keysigning parties not in person? For > > > example ... > > > > > > Okay, I started to write out a process that included pictures of > > > ourselves signed and encrypted and verified ... and it was crazier than > > > ever. > > > > > > Anyone want to start a Fedora Keys SIG that works to get _everyone_ to > > > pause for a keysigning wherever two Fedorans meet in the meat? > > > > > > > Others may have a different view, but I don't see meeting in person as a > > requirement for trust among Fedora contributors. The real purpose of > > requiring face-to-face contact is to allow identities to be verified. Since > > we are identified to each other by our contributions, we have less of a need > > to attach a GPG key to a face and more need to attach a GPG key to a > > contributor identity. > > +1. Many Fedora contributors may not be able to meet others > physically...though we do access the same Project services via online > identities, so perhaps Project people or systems could serve as trusted > third-parties in some fashion... > > > This can be accomplished through regular usage of > > keys. For example, since I always sign my messages, and you can be > > reasonably sure of my contributor identity, you can infer that it is safe to > > trust the key that I regularly sign with. > > Lots of the bits that make up a contributor identity are listed on > personal Wiki pages, or in the accounts system... Random thought: The > CLA agreement has to be GPG signed, and the accounts system provides a > list of contributors. Does the database behind the accounts system store > anything relating to GPG? In answer to my own question: Yes, you can find out a particular contributor's GPG key ID from the accounts Web interface by selecting a group, "Show all" to list the accounts, and clicking the username of that contributor. -- Stuart Ellis stuart@xxxxxxxx Fedora Documentation Project: http://fedora.redhat.com/projects/docs/ GPG key ID: 7098ABEA GPG key fingerprint: 68B0 E291 FB19 C845 E60E 9569 292E E365 7098 ABEA
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-docs-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-docs-list
