l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
June 2: Social gathering
Next Installfest:
Latest News:
May. 19: LUGOD special elections
Page last updated:
2005 Nov 20 18:58

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox] Let's have a key signing party this Monday!
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox] Let's have a key signing party this Monday!

Scott Ritchie wrote:
> Hey folks, I need some trustworthy folk to sign my GPG key so I can work
> my way into the Debian and Ubuntu webs of trust in order to properly
> upload packages.
> So, let's sign some keys this Monday.  Heck, we can even have a party!
> There's a howto for it here:
> http://www.cryptnet.net/fdp/crypto/gpg-party.html
> I think the best way to do this is to select a hapless coordinator, who
> comes with a printed list of all the keyids and fingerprints using the
> handy pearl script there, which we then take a copy of so we can sign
> keys in bulk.
> So, here is my keyid: 387EE263
> My fingerprint is: 0CDE E38B C356 1EF8 BD46 82BE 5840 3026 387E E263
> Name is: Scott Ritchie
> Email is: scott@open-vote.org
> Now, if I am understanding this right, I go to the meeting with the key
> and fingerprint, and you verify that it matches and I am me, and then
> you go home and download my key off of a keyserver, verify that it's
> fingerprint is the same, sign it and then upload it or send it to me
> (and then I upload it).
> So, who else is in?

To be in the Debian web of trust, you need to have a Debian developer
sign your key. (I would imagine this should also suffice for the ubuntu
web of trust since they use debian packages).

http://www.debian.org/devel/join/nm-step2 describes the process

https://nm.debian.org/gpg_offer.php Lists Debian developers who sign
keys, by locality.

I met a few developers, including Branden Robinson, Joshua Kwan, and Don
Armstrong at LinuxWorld a few years ago and got my key signed then.

Don't try to become a Debian Developer yet. Instead, file an ITP[0] bug
against WNPP[1], indicating that you plan to package your software,
indicate in the ITP that you're not a DD[2] and you'll need a sponsor,
and also head over to debain-mentors@lists.debian.org and post an RFS[3]

When you've got some experience behind you, then apply to become a DD at

Godwilling, my first package, link-grammar[4] will be uploaded soon.

--Ken Bloom

[0] Intent to Package. The bug should have ITP at the beginning of the
[1] http://www.us.debian.org/devel/wnpp/
[2] Debian Developer
[3] Request for Sponsor
[4] http://lists.debian.org/debian-wnpp/2005/11/msg00082.html

I usually have a GPG digital signature included as an attachment.
See http://www.gnupg.org/ for info about these digital signatures.

Attachment: signature.asc
Description: OpenPGP digital signature

vox mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.