[LinuxTag] PGP keysigning event Friday, June 7th @ 17:00

From: Marc Mutz (mutz@kde.org)
Date: Sat Jun 01 2002 - 03:15:07 CEST


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi!

Joey asked me to forward this mail to you, too. It was originally
written for KDE lists, so if you don't mind reading over the
KDE-specifics... ;-)

Please consider reading the next LT info mail for more information.

Since it seems that KDE people who attend LinuxTag will be there at
least on Friday, I've arranged a workshop slot to hold a keysigning
event of Friday, 17:00 in room R 2.05[1].

Judging from last year, I'd expect more than 50 people attending the
keysigning, mostly Debian guys.
Together with the opportunites outside this event, expect to use up your
100 copies of
  gpg --with-fingerprint --list-keys <your key id>
This is no joke! Last year, I had 80 copies and that was definitely not
enough. That doesn't mean you'll get that much signatures, though. Last
year I acquired ~20 sigs. That was enough to boost me into the top100
of best-connected PGP keys (see pgp.dtype.org/keyanalyze for a
description of the metric used)!

I hope to see the majority of KDE people with PGP keys there. I know of
approx. KDE 30 people coming to LinuxTag this year that have a PGP key.

I have compiled a list of KDE people of which I know or think that they
have PGP keys and this list has 41 entries. Of the 700+ people in
bugs/accounts, at least 100 have pgp keys (I have a listing containing
554 lines, but that contains duplicates, e.g. my key comes up with five
lines, since I have five UIDs).

I'd also like to repeat once more that Heise Verlag will have a booth on
LinuxTag again. They, too, will sign keys, but you have to send your
public key to them before LT or give to them on a floppy there. Getting
signed by Heise means that your key becomes instantly verifyable to
_all_ people in (at least) Germany, since Heise publishes it's keys'
fingerprint in every issue of c't.

The recent breaking into a popular IRC client's download server and
installing changed tarballs containing a trojan in the configure script
should open everyone's eyes that KDE, too, should start signing it's
tarballs. With some of the most central people in KDE having or even
actively using PGP keys we have a good starting point. But we need a
web-of-trust, too. There's no better way to build one's WoT than going
to this keysigning event. Esp. the release dudes should see that they
get a signature from Heise, so that users can actually verify the
signatures on tarballs.

http://www.infodrom.org/Debian/events/LinuxTag2002/workshops.php3
http://www.infodrom.org/Debian/events/LinuxTag2002/workshop.php3?room=WS+1&day=2002-06-07&time=17:00

Hope to see you there. Remember: A PGP key without signatures is
worthless.

Thanks for listening,
Marc

[1] That's one of the two workshop/BOF session rooms.

- --
Marc Mutz <mutz@kde.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE8+CAc3oWD+L2/6DgRAjWPAKC8Vn9pcnGX7/vE1mc5gL5gHKrXTgCfVMDS
38f8ijCsJmzylR15ZylwQiU=
=fn5m
-----END PGP SIGNATURE-----



This archive was generated by hypermail 2.1.3 : Sat Jun 01 2002 - 16:42:52 CEST