ghm-discuss
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Ghm-discuss] Last chance to participate in keysigning


From: ghm
Subject: [Ghm-discuss] Last chance to participate in keysigning
Date: Fri, 8 Aug 2014 12:38:13 +0200

[ You are receiving this email because you have registered to attend
the GNU Hackers' Meeting in August 2014. ]

At GHM 2014, like last year, there will be a keysigning party.
We will use the Sassaman-Efficient method. See
http://www.keysigning.org/methods/sassaman-efficient 
The keyring will be finalised and published next week.
If you want to participage you must submit your key 
NO LATER THAN Sunday 10 August 2014 
Participation, is of course optional, but highly recommended.

Why would I want to participate?
================================

Two possible reasons:  a) to get your GPG key signed by others; b) to
verify the keys of other participants.

Why would I want my key to be signed?
=====================================

Having your key signed by as many people as possible makes it harder
for people to impersonate you on the internet.

Why would I want to sign other people's keys?
=============================================

If you have signed the key of another person, then when you receive
a signed email from that person, you know it really is from him/her 
and has not been altered.  Also, GNU Projects use the developers' key
to sign the source tarballs.  Thus, when you download GNU software and
you have signed the developers' key, you can be certain that the
package has not been tampered with.

How do I participate?
=====================

If you wish to participate in the keysigning, email your ascii
armoured public key to address@hidden with the subject "KEYSIGNING"
You must do this NO LATER THAN Sunday 10 August 2014 !!!!!!!!
Use the command:

 gpg --armor --export substitute-your-key-id | mail -s "KEYSIGNING" 
address@hidden

(You can find your own key using the command: gpg --list-secret-keys)

A week before the event, we will publish the list of keys and the SHA1
and MD5 checksums.  You should print out the list, and verify the
checksum of your own key, and the checksum of the list.  Then bring
that list with you, having first physically signed  or otherwise
marked all pages such that you will know they have not been substituted.

You should also bring with you a recognised form of government issued
photographic identification (eg: passport, government identity card, etc).

One aspect of this method which is often misunderstood, is that it is
essential that the participants bring their *own* printed copy of the list. 
THERE WILL BE NO COPIES DISTRIBUTED AT THE MEETING.  To do so would 
defeat its purpose.

What the hell is a GPG key? I don't understand any of the above.
================================================================

GPG is the GNU Privacy Guard.  It is one measure of defence against
spying on the internet (by government bodies or anyone else).  It
helps defend yourself against viruses, spywarem, faked email and other
attacks.  

If you haven't got a GPG key, you can create your own.  Find out how
to do this at https://gnupg.org/gph/en/manual.html


We look forward to meeting you at GHM 2014!



reply via email to

[Prev in Thread] Current Thread [Next in Thread]