Re: [Debconf-discuss] Key Signing at Debconf: Attend the BoF for Checksum reading!
Daniel Kahn Gillmor d...@fifthhorseman.net writes: On Sat 2015-08-15 23:16:32 +0200, Steve Langasek wrote: This is only a valid proxy if you and the people you're exchanging keys with are present for the *same* display of the checksum and confirm that it matches. Otherwise, it's just another example of that sketchy dkg character trying to compromise the Debian keyring by using different checksums for non-overlapping audiences. Indeed! Additionally, I hope that there will be people present who will catch me if i do that. Feel free to compare the photo you take at the live demos with the photo your friend took during the welcome session and call out if they don't match. I didn't attend the BOF and won't attend the live demos. I was wondering if a interesting time to display the hash is on the morning briefing. That way lot of us will see it, as there is no other event at the same time. -- Rémi Vanicat ___ Debconf-discuss mailing list Debconf-discuss@lists.debconf.org http://lists.debconf.org/mailman/listinfo/debconf-discuss
Re: [Debconf-discuss] Key Signing at Debconf: Attend the BoF for Checksum reading!
On Sat, Aug 15, 2015 at 08:50:55PM +0200, Daniel Kahn Gillmor wrote: On Sat 2015-08-15 20:00:29 +0200, Anibal Monsalve Salazar wrote: On 15/08/2015 5:08 PM, Sven Bartscher sven.bartsc...@weltraumschlangen.de wrote: Unfortunately I arrived after that. Is there any other opportunity, to compare the hash, in sight? Look for dkg or me to compare the hash. Or, come to the live demo lightning talks session Sunday evening at 18:00 in Berlin/London, where Aníbal and i will give a live demo of how to sign keys with people in person. The hash of the file will be displayed during the live demo. This is only a valid proxy if you and the people you're exchanging keys with are present for the *same* display of the checksum and confirm that it matches. Otherwise, it's just another example of that sketchy dkg character trying to compromise the Debian keyring by using different checksums for non-overlapping audiences. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developerhttp://www.debian.org/ slanga...@ubuntu.com vor...@debian.org signature.asc Description: Digital signature ___ Debconf-discuss mailing list Debconf-discuss@lists.debconf.org http://lists.debconf.org/mailman/listinfo/debconf-discuss
Re: [Debconf-discuss] Key Signing at Debconf: Attend the BoF for Checksum reading!
On Sat 2015-08-15 23:16:32 +0200, Steve Langasek wrote: This is only a valid proxy if you and the people you're exchanging keys with are present for the *same* display of the checksum and confirm that it matches. Otherwise, it's just another example of that sketchy dkg character trying to compromise the Debian keyring by using different checksums for non-overlapping audiences. Indeed! Additionally, I hope that there will be people present who will catch me if i do that. Feel free to compare the photo you take at the live demos with the photo your friend took during the welcome session and call out if they don't match. --dkg, very much appreciating the healthy paranoia signature.asc Description: PGP signature ___ Debconf-discuss mailing list Debconf-discuss@lists.debconf.org http://lists.debconf.org/mailman/listinfo/debconf-discuss
Re: [Debconf-discuss] Key Signing at Debconf: Attend the BoF for Checksum reading!
On Sat, Aug 15, 2015 at 10:34:51AM +0200, Rhonda D'Vine wrote: For those who weren't really prepared or able to high-speed compare the checksum from the opening session: There will be a Key Signing Best Practices BoF going on in Amsterdam at 14:00 today and the checksum will be read there: https://summit.debconf.org/debconf15/meeting/356/key-signing-best-practices/ Please prepare the checksum from the file and attend the bof so you can compare it with the others at ease. This rather important part of the keysigning really shouldn't be at the same time of the keynote. The BoF is fine then, of course, but the hash should be confirmed otherwise. Michael ___ Debconf-discuss mailing list Debconf-discuss@lists.debconf.org http://lists.debconf.org/mailman/listinfo/debconf-discuss
Re: [Debconf-discuss] Key Signing at Debconf: Attend the BoF for Checksum reading!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 15/08/15 12:18, alberto fuentes wrote: On Sat, Aug 15, 2015 at 12:05 PM, Martin Steigerwald mar...@lichtvoll.de mailto:mar...@lichtvoll.de wrote: This collides directly with the talk by Bradley, I wish to attend. Will there be another opportunity for this? How long will it take? Of course I can try to watch the livestream of the talk by Bradley, but I´d rather not multitask on keysigning things. i certainly hope so... so the members of video team have a chance to participate as well :P How about a morning at 9h30m, before the official even updates and raffle? That's probably a time where everybody would be available. Another options would be to just have it on screen during the morning updates (needs to talk with Orga). What I'm wondering is if we are doing a Distribute KSP, why we don't check the hash also in a distributed way? By sharing your hash when you are exchanging info to sign a key or by sharing it publicly via people.debian.org, IRC, a mail list thread, or even microblogging, anywhere you can say here's my hash, it matches anibal's hash. Kind regards, - -- Felipe Augusto van de Wiel (faw) f...@funlabs.org -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCgAGBQJVzxbFAAoJEMa4WYSFUi4t/QEQALkeiPgvnxc025z0YPGOI55R WhgII6GsAj/r/miDHsGW2/gd5Dcp+4hshyli54GzdmEu1CEhNQ0ZhQUOtGohCANg fWNlnG87TdcVFt5CK8e53OZTCKuw0b85wn2s9Jltda1iyi8b/KwKradT49KulJI6 QhV8114PlOkyYCEFBsKmuYvYGoj07uJIAktd/HuZr3Pz4fHRRYIkhLbmGuT6Jhw1 LauXZRXf/uOw4MvHG40SdKKkP+3TjjKKGpR1YSyCSZ1kfIJXsD0gEPfswZclEo+w kTTichAjVzHWl8OGC5HS35XNlqFW5uvYbFUQ34Me5AYTIChgTjcGSmtAybpXkeWM M6Pc7I991jxqapzslo61CO5CpPsW6+QgMdP1q4MVXdsuf+xhxXmRGJz+DVG+2hmb OLYoi4DTmXE/HKC0I/GvIt4LWloyLQYvBUqJypcGgfFietE+fNe0VhWeT22P9rTa 5YEMKBw1koPxNJdUBshRl8aLNqnFCnVo2EWEH6Yutk9ci19DGRWSISQVTsqlLLJU cnJ9wIfIuXgBjFlwQXZ0JqK+zr/Cjv9mnQQgMf8Vp9gjC9frBpFEnbcPlp5i2l+S fojww54xwuO1Lk8MibXU7yQJ+wSUGHqfWhnMnm+/Nl//nuPut4eOfZWnvpDngkPM kmGvcDf9ApdW7jOpIU7p =bZoz -END PGP SIGNATURE- ___ Debconf-discuss mailing list Debconf-discuss@lists.debconf.org http://lists.debconf.org/mailman/listinfo/debconf-discuss
Re: [Debconf-discuss] Key Signing at Debconf: Attend the BoF for Checksum reading!
Am Samstag, 15. August 2015, 10:34:51 schrieb Rhonda D'Vine: Hi! Hi Rhonda, For those who weren't really prepared or able to high-speed compare the checksum from the opening session: There will be a Key Signing Best Practices BoF going on in Amsterdam at 14:00 today and the checksum will be read there: https://summit.debconf.org/debconf15/meeting/356/key-signing-best-practices / Please prepare the checksum from the file and attend the bof so you can compare it with the others at ease. This collides directly with the talk by Bradley, I wish to attend. Will there be another opportunity for this? How long will it take? Of course I can try to watch the livestream of the talk by Bradley, but I´d rather not multitask on keysigning things. Thanks, -- Martin ___ Debconf-discuss mailing list Debconf-discuss@lists.debconf.org http://lists.debconf.org/mailman/listinfo/debconf-discuss
Re: [Debconf-discuss] Key Signing at Debconf: Attend the BoF for Checksum reading!
isnt amsterdam a little small for this bof if people is going to check the checksum there? On Sat, Aug 15, 2015 at 10:34 AM, Rhonda D'Vine rho...@deb.at wrote: Hi! For those who weren't really prepared or able to high-speed compare the checksum from the opening session: There will be a Key Signing Best Practices BoF going on in Amsterdam at 14:00 today and the checksum will be read there: https://summit.debconf.org/debconf15/meeting/356/key-signing-best-practices/ Please prepare the checksum from the file and attend the bof so you can compare it with the others at ease. See you there! Rhonda -- Fühlst du dich mutlos, fass endlich Mut, los | Fühlst du dich hilflos, geh raus und hilf, los| Wir sind Helden Fühlst du dich machtlos, geh raus und mach, los | 23.55: Alles auf Anfang Fühlst du dich haltlos, such Halt und lass los| ___ Debconf-discuss mailing list Debconf-discuss@lists.debconf.org http://lists.debconf.org/mailman/listinfo/debconf-discuss ___ Debconf-discuss mailing list Debconf-discuss@lists.debconf.org http://lists.debconf.org/mailman/listinfo/debconf-discuss
Re: [Debconf-discuss] Key Signing at Debconf: Attend the BoF for Checksum reading!
On Sat, Aug 15, 2015 at 12:05 PM, Martin Steigerwald mar...@lichtvoll.de wrote: This collides directly with the talk by Bradley, I wish to attend. Will there be another opportunity for this? How long will it take? Of course I can try to watch the livestream of the talk by Bradley, but I´d rather not multitask on keysigning things. i certainly hope so... so the members of video team have a chance to participate as well :P ___ Debconf-discuss mailing list Debconf-discuss@lists.debconf.org http://lists.debconf.org/mailman/listinfo/debconf-discuss
Re: [Debconf-discuss] Key Signing at Debconf: Attend the BoF for Checksum reading!
On Sat, Aug 15, 2015 at 12:39 PM, Felipe Augusto van de Wiel (faw) f...@funlabs.org wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 15/08/15 12:18, alberto fuentes wrote: What I'm wondering is if we are doing a Distribute KSP, why we don't check the hash also in a distributed way? By sharing your hash when you are exchanging info to sign a key or by sharing it publicly via people.debian.org, IRC, a mail list thread, or even microblogging, anywhere you can say here's my hash, it matches anibal's hash. The whole point to check the hash is so you only have to do it once... Otherwise, if you are going to do it with every person, you better check the fingerprint of that person instead :P ___ Debconf-discuss mailing list Debconf-discuss@lists.debconf.org http://lists.debconf.org/mailman/listinfo/debconf-discuss
Re: [Debconf-discuss] Key Signing at Debconf: Attend the BoF for Checksum reading!
Hi, Le 15/08/2015 12:05, Martin Steigerwald a écrit : Am Samstag, 15. August 2015, 10:34:51 schrieb Rhonda D'Vine: There will […] in Amsterdam at 14:00 today and the checksum will be read there: Will there be another opportunity for this? Extra points if that happens after Tuesday (included). Regards David signature.asc Description: OpenPGP digital signature ___ Debconf-discuss mailing list Debconf-discuss@lists.debconf.org http://lists.debconf.org/mailman/listinfo/debconf-discuss
Re: [Debconf-discuss] Key Signing at Debconf: Attend the BoF for Checksum reading!
On 15/08/2015 5:08 PM, Sven Bartscher sven.bartsc...@weltraumschlangen.de wrote: On Sat, 15 Aug 2015 10:34:51 +0200 Rhonda D'Vine rho...@deb.at wrote: Hi! For those who weren't really prepared or able to high-speed compare the checksum from the opening session: There will be a Key Signing Best Practices BoF going on in Amsterdam at 14:00 today and the checksum will be read there: https://summit.debconf.org/debconf15/meeting/356/key-signing-best-practices/ Please prepare the checksum from the file and attend the bof so you can compare it with the others at ease. Unfortunately I arrived after that. Is there any other opportunity, to compare the hash, in sight? Look for dkg or me to compare the hash. ___ Debconf-discuss mailing list Debconf-discuss@lists.debconf.org http://lists.debconf.org/mailman/listinfo/debconf-discuss
Re: [Debconf-discuss] Key Signing at Debconf: Attend the BoF for Checksum reading!
On Sat 2015-08-15 20:00:29 +0200, Anibal Monsalve Salazar wrote: On 15/08/2015 5:08 PM, Sven Bartscher sven.bartsc...@weltraumschlangen.de wrote: Unfortunately I arrived after that. Is there any other opportunity, to compare the hash, in sight? Look for dkg or me to compare the hash. Or, come to the live demo lightning talks session Sunday evening at 18:00 in Berlin/London, where Aníbal and i will give a live demo of how to sign keys with people in person. The hash of the file will be displayed during the live demo. We encourage you to meet people, learn about them, and exchange fingerprints throughout the conference. --dkg signature.asc Description: PGP signature ___ Debconf-discuss mailing list Debconf-discuss@lists.debconf.org http://lists.debconf.org/mailman/listinfo/debconf-discuss
Re: [Debconf-discuss] Key Signing at Debconf: Attend the BoF for Checksum reading!
On Sat, Aug 15, 2015 at 12:49:43PM +0200, alberto fuentes wrote: What I'm wondering is if we are doing a Distribute KSP, why we don't check the hash also in a distributed way? By sharing your hash when you are exchanging info to sign a key or by sharing it publicly via people.debian.org, IRC, a mail list thread, or even microblogging, anywhere you can say here's my hash, it matches anibal's hash. The whole point to check the hash is so you only have to do it once... Otherwise, if you are going to do it with every person, you better check the fingerprint of that person instead :P I think we strongly need a proper list of things to do when you want to sign a key/get one signed, to avoid confusion. -- WBR, wRAR signature.asc Description: Digital signature ___ Debconf-discuss mailing list Debconf-discuss@lists.debconf.org http://lists.debconf.org/mailman/listinfo/debconf-discuss
Re: [Debconf-discuss] Key Signing at Debconf: Attend the BoF for Checksum reading!
On Sat, Aug 15, 2015 at 4:33 PM, Andrey Rahmatullin w...@debian.org wrote: The whole point to check the hash is so you only have to do it once... Otherwise, if you are going to do it with every person, you better check the fingerprint of that person instead :P I think we strongly need a proper list of things to do when you want to sign a key/get one signed, to avoid confusion. so to make clear what i meant, checking that this guys's fingerprint match the one you have of him :) I would argue that we are in need of better tools for key signing to make it easier and more ubiquitous... but nobody with user interface experience seem to care enough to do that so far :) I guess a proper list of things to check could do for now... :P ___ Debconf-discuss mailing list Debconf-discuss@lists.debconf.org http://lists.debconf.org/mailman/listinfo/debconf-discuss
Re: [Debconf-discuss] Key Signing at Debconf: Attend the BoF for Checksum reading!
On Sat, 15 Aug 2015 10:34:51 +0200 Rhonda D'Vine rho...@deb.at wrote: Hi! For those who weren't really prepared or able to high-speed compare the checksum from the opening session: There will be a Key Signing Best Practices BoF going on in Amsterdam at 14:00 today and the checksum will be read there: https://summit.debconf.org/debconf15/meeting/356/key-signing-best-practices/ Please prepare the checksum from the file and attend the bof so you can compare it with the others at ease. Unfortunately I arrived after that. Is there any other opportunity, to compare the hash, in sight? Regards Sven ___ Debconf-discuss mailing list Debconf-discuss@lists.debconf.org http://lists.debconf.org/mailman/listinfo/debconf-discuss