Hi, as a disclaimer: I am not so much experienced with marketing, but I have some generic/technical ideas. On Sun, Jan 10, 2016 at 03:56:59PM -0500, charles profitt wrote: > I have put up an outline for a potential magazine article. > > https://fedoramagazine.org/?p=11485&preview=true Not sure, if you plan to address this, but here are some questions that I would try to answer in such a posting: * Why should I use GPG/why do I need it? * Despite protecting E-Mail and Jabber communication this should also mention protection of software. For example package maintainer should use it to verify the source code coming from upstream: http://pkgs.fedoraproject.org/cgit/rpms/youtube-dl.git/tree/youtube-dl.spec#n35 * How does Fedora use it? * IMHO one important fact about Fedora is that we protect nearly all deliverables with GPG, i.e. ISO images, VM images and RPMS. Only Fedora Rawhide is not always completely signed. See for example: https://getfedora.org/verify * Also FAS allows to store a GPG fingerprint to be able to recover an account in case of lost e-mail access and password. It currently say GPG key id, but it will be the fingerprint with the next release. * And GPG keys from FAS accounts are available via DNSSEC using the openpgpkey tool (in package hash-slinger) * maybe more? * How do I manage GPG keys in RPM/DNF? * This would be something specific to Fedora that is not found in other guides. Then there are important technical aspects, that one should consider: * https://help.riseup.net/en/security/message-security/openpgp/best-practices * https://evil32.com/ And other topics could be using smartcards/tokens to protect the key or using GPG keys for SSH authentication. Kind regards Till
Attachment:
signature.asc
Description: PGP signature
-- marketing mailing list marketing@xxxxxxxxxxxxxxxxxxxxxxx List info or to change your subscription: https://admin.fedoraproject.org/mailman/listinfo/marketing
