On Sat, 2006-05-06 at 14:48 +0100, Stuart Ellis wrote:
On Fri, 2006-05-05 at 03:27 -0500, Patrick W. Barnes wrote:
> On Thursday 04 May 2006 21:59, Karsten Wade <kwade(a)redhat.com> wrote:
> >
> > Missed opportunity at the last FUDCon for a keysigning. Why don't we
> > care about those anymore? Don't we need a strong web of trust for
> > Fedora keys to mean anything themselves?
> >
> > Is there any way we can do keysigning parties not in person? For
> > example ...
> >
> > Okay, I started to write out a process that included pictures of
> > ourselves signed and encrypted and verified ... and it was crazier than
> > ever.
> >
> > Anyone want to start a Fedora Keys SIG that works to get _everyone_ to
> > pause for a keysigning wherever two Fedorans meet in the meat?
> >
>
> Others may have a different view, but I don't see meeting in person as a
> requirement for trust among Fedora contributors. The real purpose of
> requiring face-to-face contact is to allow identities to be verified. Since
> we are identified to each other by our contributions, we have less of a need
> to attach a GPG key to a face and more need to attach a GPG key to a
> contributor identity.
+1. Many Fedora contributors may not be able to meet others
physically...though we do access the same Project services via online
identities, so perhaps Project people or systems could serve as trusted
third-parties in some fashion...
> This can be accomplished through regular usage of
> keys. For example, since I always sign my messages, and you can be
> reasonably sure of my contributor identity, you can infer that it is safe to
> trust the key that I regularly sign with.
Lots of the bits that make up a contributor identity are listed on
personal Wiki pages, or in the accounts system... Random thought: The
CLA agreement has to be GPG signed, and the accounts system provides a
list of contributors. Does the database behind the accounts system store
anything relating to GPG?
In answer to my own question: Yes, you can find out a particular
contributor's GPG key ID from the accounts Web interface by selecting a
group, "Show all" to list the accounts, and clicking the username of
that contributor.
--
Stuart Ellis
stuart(a)elsn.org
Fedora Documentation Project:
http://fedora.redhat.com/projects/docs/
GPG key ID: 7098ABEA
GPG key fingerprint: 68B0 E291 FB19 C845 E60E 9569 292E E365 7098 ABEA