Jan Pokorný <jpoko...@redhat.com> writes: > [ Unknown signature status ] > Hello cluster masters :-) > > as there's little less than 7 weeks left to "The Summit" meetup > (<http://plan.alteeve.ca/>), it's about time to get the ball > rolling so we can voluntarily augment the digital trust amongst > us the attendees, on OpenGPG basis. > > Doing that, we'll actually establish a tradition since this will > be the second time such event is being kicked off (unlike the birds > of the feather gathering itself, was edu-feathered back then): > > <https://people.redhat.com/jpokorny/keysigning/2015-ha/> > <http://lists.linux-ha.org/pipermail/linux-ha/2015-January/048507.html> > > If there are no objections, yours truly will conduct this undertaking. > (As an aside, I am toying with an idea of optimizing the process > a bit now that many keys are cross-signed already; I doubt there's > a value of adding identical signatures just with different timestamps, > unless, of course, the inscribed level of trust is going to change, > presumably elevate -- any comments?)
Hi Jan, No objections from me, thank you for taking charge of this! Cheers, Kristoffer > > * * * > > So, going to attend summit and want your key signed while reciprocally > spreading the web of trust? > Awesome, let's reuse the steps from the last time: > > Once you have a key pair (and provided that you are using GnuPG), > please run the following sequence: > > # figure out the key ID for the identity to be verified; > # IDENTITY is either your associated email address/your name > # if only single key ID matches, specific key otherwise > # (you can use "gpg -K" to select a desired ID at the "sec" line) > KEY=$(gpg --with-colons 'IDENTITY' | grep '^pub' | cut -d: -f5) > > # export the public key to a file that is suitable for exchange > gpg --export -a -- $KEY > $KEY > > # verify that you have an expected data to share > gpg --with-fingerprint -- $KEY > > with IDENTITY adjusted as per the instruction above, and send me the > resulting $KEY file, preferably in a signed (or even encrypted[*]) email > from an address associated with that very public key of yours. > > Timeline? > Please, send me your public keys *by 2017-09-05*, off-list and > best with [key-2017-ha] prefix in the subject. I will then compile > a list of the attendees together with their keys and publish it at > <https://people.redhat.com/jpokorny/keysigning/2017-ha/> > so it can be printed beforehand. > > [*] You can find my public key at public keyservers: > <http://pool.sks-keyservers.net/pks/lookup?op=vindex&search=0x60BCBB4F5CD7F9EF> > Indeed, the trust in this key should be ephemeral/one-off > (e.g. using a temporary keyring, not a universal one before we > proceed with the signing :) > > * * * > > Thanks for your cooperation, looking forward to this side stage > (but nonetheless important if release or commit[1] signing is to get > traction) happening and hope this will be beneficial to all involved. > > See you there! > > > [1] for instance, see: > <https://github.com/blog/2144-gpg-signature-verification> > <https://pagure.io/pagure/issue/885> > > -- > Jan (Poki) > _______________________________________________ > Developers mailing list > develop...@clusterlabs.org > http://lists.clusterlabs.org/mailman/listinfo/developers -- // Kristoffer Grönlund // kgronl...@suse.com _______________________________________________ Users mailing list: Users@clusterlabs.org http://lists.clusterlabs.org/mailman/listinfo/users Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org