9:34 p.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
First i would like to introduce myself
My name is Guillermo Gómez. I live in Caracas/Venezuela and would like
to contribute with Spanish translations at all levels for Fedora project.
First, i would like to know if im doing it right about PGP, never use it
before.
I'm using Thunderbird with extensions to manage OpenPGP. I'm signing
this email and attaching my public key.
Thanks for the help to help ;)
kg
Guillermo Gómez S.
"De la tierra de Bolívar para el mundo."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFEVsUqsDkDUAWcF3URAi3AAKCIuWxxZS5Pl4lzydPhXO110sxHdACbBDN6
E7O5FyRwmKm22GRCDayiCrE=
=dZGW
-----END PGP SIGNATURE-----
6:30 p.m.
On Mon, 2006-05-01 at 22:34 -0400, Guillermo Gómez wrote:
cheers - Karsten
--
Karsten Wade, RHCE * Sr. Editor * http://people.redhat.com/kwade/
gpg fingerprint: 2680 DBFD D968 3141 0115 5F1B D992 0E06 AD0E 0C41
Fedora Documentation Project http://fedoraproject.org/wiki/DocsProject
Learn. Network. Experience open source.
Red Hat Summit Nashville | May 30 - June 2, 2006
Learn more: http://www.redhat.com/promo/summit/
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
First i would like to introduce myself
My name is Guillermo Gómez. I live in Caracas/Venezuela and would like
to contribute with Spanish translations at all levels for Fedora project.
Welcome. Have you seen these pages?
http://fedoraproject.org/wiki/DocsProject/Translation
http://fedoraproject.org/wiki/L10N
First, i would like to know if im doing it right about PGP, never use
it
before.
I'm using Thunderbird with extensions to manage OpenPGP. I'm signing
this email and attaching my public key.
To be honest, I'm not sure. There is definitely a signature attached,
but it says, "Invalid Signature", and clicking on it says, essentially,
"gpg: Can't check signature: public key not found".
However, I see that all the time. It seems gpg is looking for the key
to be on my local keyring, rather than asking a keyserver (such as
pgp.mit.edu).
So, it looks like it worked, but I cannot be sure.
Thanks for the help to help ;)
Here is what the block looks like; again, seems correct:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFEVsUqsDkDUAWcF3URAi3AAKCIuWxxZS5Pl4lzydPhXO110sxHdACbBDN6
E7O5FyRwmKm22GRCDayiCrE=
=dZGW
-----END PGP SIGNATURE-----
7:15 p.m.
On Thursday 04 May 2006 18:30, Karsten Wade <kwade(a)redhat.com> wrote:
On Mon, 2006-05-01 at 22:34 -0400, Guillermo Gómez wrote:
> First, i would like to know if im doing it right about PGP, never use it
> before.
>
> I'm using Thunderbird with extensions to manage OpenPGP. I'm signing
> this email and attaching my public key.
To be honest, I'm not sure. There is definitely a signature attached,
but it says, "Invalid Signature", and clicking on it says, essentially,
"gpg: Can't check signature: public key not found".
However, I see that all the time. It seems gpg is looking for the key
to be on my local keyring, rather than asking a keyserver (such as
pgp.mit.edu).
So, it looks like it worked, but I cannot be sure.
It worked well. To avoid the warning, one simply needs to grab the public key
from pgp.mit.edu, which is the expected behavior. :-)
--
Patrick "The N-Man" Barnes
nman64(a)n-man.com
http://www.n-man.com/
LinkedIn:
http://www.linkedin.com/in/nman64
Have I been helpful? Rate my assistance!
http://rate.affero.net/nman64/
--
9:59 p.m.
On Thu, 2006-05-04 at 19:15 -0500, Patrick W. Barnes wrote:
It worked well. To avoid the warning, one simply needs to grab the
public key
from pgp.mit.edu, which is the expected behavior. :-)
I guess I'm hoping for something easier than that. I wish the GPG
support was smoother in all cases. I really dig Evolution's signing and
encryption, but they all require a separate downloading of the public
key. Lazy factor.
Missed opportunity at the last FUDCon for a keysigning. Why don't we
care about those anymore? Don't we need a strong web of trust for
Fedora keys to mean anything themselves?
Is there any way we can do keysigning parties not in person? For
example ...
Okay, I started to write out a process that included pictures of
ourselves signed and encrypted and verified ... and it was crazier than
ever.
Anyone want to start a Fedora Keys SIG that works to get _everyone_ to
pause for a keysigning wherever two Fedorans meet in the meat?
- Karsten, aka AD0E0C41
--
Karsten Wade, RHCE * Sr. Editor * http://people.redhat.com/kwade/
gpg fingerprint: 2680 DBFD D968 3141 0115 5F1B D992 0E06 AD0E 0C41
Fedora Documentation Project http://fedoraproject.org/wiki/DocsProject
Learn. Network. Experience open source.
Red Hat Summit Nashville | May 30 - June 2, 2006
Learn more: http://www.redhat.com/promo/summit/
3:27 a.m.
On Thursday 04 May 2006 21:59, Karsten Wade <kwade(a)redhat.com> wrote:
Missed opportunity at the last FUDCon for a keysigning. Why don't we
care about those anymore? Don't we need a strong web of trust for
Fedora keys to mean anything themselves?
Is there any way we can do keysigning parties not in person? For
example ...
Okay, I started to write out a process that included pictures of
ourselves signed and encrypted and verified ... and it was crazier than
ever.
Anyone want to start a Fedora Keys SIG that works to get _everyone_ to
pause for a keysigning wherever two Fedorans meet in the meat?
Others may have a different view, but I don't see meeting in person as a
requirement for trust among Fedora contributors. The real purpose of
requiring face-to-face contact is to allow identities to be verified. Since
we are identified to each other by our contributions, we have less of a need
to attach a GPG key to a face and more need to attach a GPG key to a
contributor identity. This can be accomplished through regular usage of
keys. For example, since I always sign my messages, and you can be
reasonably sure of my contributor identity, you can infer that it is safe to
trust the key that I regularly sign with. It would be just as easy for
someone to show up at a FUDCon with an ID card that has my name on it and
claim to be me for the sake of getting their key signed, and that's why
face-to-face keysigning parties aren't as useful for Fedora contributors.
--
Patrick "The N-Man" Barnes
nman64(a)n-man.com
http://www.n-man.com/
LinkedIn:
http://www.linkedin.com/in/nman64
Have I been helpful? Rate my assistance!
http://rate.affero.net/nman64/
--
8:48 a.m.
On Fri, 2006-05-05 at 03:27 -0500, Patrick W. Barnes wrote:
On Thursday 04 May 2006 21:59, Karsten Wade <kwade(a)redhat.com>
wrote:
>
> Missed opportunity at the last FUDCon for a keysigning. Why don't we
> care about those anymore? Don't we need a strong web of trust for
> Fedora keys to mean anything themselves?
>
> Is there any way we can do keysigning parties not in person? For
> example ...
>
> Okay, I started to write out a process that included pictures of
> ourselves signed and encrypted and verified ... and it was crazier than
> ever.
>
> Anyone want to start a Fedora Keys SIG that works to get _everyone_ to
> pause for a keysigning wherever two Fedorans meet in the meat?
>
Others may have a different view, but I don't see meeting in person as a
requirement for trust among Fedora contributors. The real purpose of
requiring face-to-face contact is to allow identities to be verified. Since
we are identified to each other by our contributions, we have less of a need
to attach a GPG key to a face and more need to attach a GPG key to a
contributor identity.
+1. Many Fedora contributors may not be able to meet others
physically...though we do access the same Project services via online
identities, so perhaps Project people or systems could serve as trusted
third-parties in some fashion...
This can be accomplished through regular usage of
keys. For example, since I always sign my messages, and you can be
reasonably sure of my contributor identity, you can infer that it is safe to
trust the key that I regularly sign with.
Lots of the bits that make up a contributor identity are listed on
personal Wiki pages, or in the accounts system... Random thought: The
CLA agreement has to be GPG signed, and the accounts system provides a
list of contributors. Does the database behind the accounts system store
anything relating to GPG?
It would be just as easy for
someone to show up at a FUDCon with an ID card that has my name on it and
claim to be me for the sake of getting their key signed, and that's why
face-to-face keysigning parties aren't as useful for Fedora contributors.
--
Stuart Ellis
stuart(a)elsn.org
Fedora Documentation Project: http://fedora.redhat.com/projects/docs/
GPG key ID: 7098ABEA
GPG key fingerprint: 68B0 E291 FB19 C845 E60E 9569 292E E365 7098 ABEA
8:56 a.m.
On Sat, 2006-05-06 at 14:48 +0100, Stuart Ellis wrote:
On Fri, 2006-05-05 at 03:27 -0500, Patrick W. Barnes wrote:
> On Thursday 04 May 2006 21:59, Karsten Wade <kwade(a)redhat.com> wrote:
> >
> > Missed opportunity at the last FUDCon for a keysigning. Why don't we
> > care about those anymore? Don't we need a strong web of trust for
> > Fedora keys to mean anything themselves?
> >
> > Is there any way we can do keysigning parties not in person? For
> > example ...
> >
> > Okay, I started to write out a process that included pictures of
> > ourselves signed and encrypted and verified ... and it was crazier than
> > ever.
> >
> > Anyone want to start a Fedora Keys SIG that works to get _everyone_ to
> > pause for a keysigning wherever two Fedorans meet in the meat?
> >
>
> Others may have a different view, but I don't see meeting in person as a
> requirement for trust among Fedora contributors. The real purpose of
> requiring face-to-face contact is to allow identities to be verified. Since
> we are identified to each other by our contributions, we have less of a need
> to attach a GPG key to a face and more need to attach a GPG key to a
> contributor identity.
+1. Many Fedora contributors may not be able to meet others
physically...though we do access the same Project services via online
identities, so perhaps Project people or systems could serve as trusted
third-parties in some fashion...
> This can be accomplished through regular usage of
> keys. For example, since I always sign my messages, and you can be
> reasonably sure of my contributor identity, you can infer that it is safe to
> trust the key that I regularly sign with.
Lots of the bits that make up a contributor identity are listed on
personal Wiki pages, or in the accounts system... Random thought: The
CLA agreement has to be GPG signed, and the accounts system provides a
list of contributors. Does the database behind the accounts system store
anything relating to GPG?
In answer to my own question: Yes, you can find out a particular
contributor's GPG key ID from the accounts Web interface by selecting a
group, "Show all" to list the accounts, and clicking the username of
that contributor.
--
Stuart Ellis
stuart(a)elsn.org
Fedora Documentation Project: http://fedora.redhat.com/projects/docs/
GPG key ID: 7098ABEA
GPG key fingerprint: 68B0 E291 FB19 C845 E60E 9569 292E E365 7098 ABEA
5:58 p.m.
On Sat, 2006-05-06 at 14:56 +0100, Stuart Ellis wrote:
On Sat, 2006-05-06 at 14:48 +0100, Stuart Ellis wrote:
> On Fri, 2006-05-05 at 03:27 -0500, Patrick W. Barnes wrote:
In answer to my own question: Yes, you can find out a particular
contributor's GPG key ID from the accounts Web interface by selecting a
group, "Show all" to list the accounts, and clicking the username of
that contributor.
Hot dog! Look at that, we have a built-in trust verification system.
Patrick, you are totally correct. I'm going to sign your key to
celebrate, and we'll have to draft up a quickie-Wiki how-to ... or
manifesto? ... for building the web.
- Karsten
--
Karsten Wade, RHCE * Sr. Editor * http://people.redhat.com/kwade/
gpg fingerprint: 2680 DBFD D968 3141 0115 5F1B D992 0E06 AD0E 0C41
Fedora Documentation Project http://fedoraproject.org/wiki/DocsProject
Learn. Network. Experience open source.
Red Hat Summit Nashville | May 30 - June 2, 2006
Learn more: http://www.redhat.com/promo/summit/
6561
days inactive
6568
days old
7 comments
4 participants
participants (4)
-
"Guillermo Gómez S." -
Karsten Wade -
Patrick W. Barnes -
Stuart Ellis