[openstack-dev] Fwd: [Openstack-devel] PGP key signing party during the HK summit

Thomas Goirand zigo at debian.org
Sat Sep 21 07:09:31 UTC 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/20/2013 09:59 PM, Jeremy Stanley wrote:
> On 2013-09-20 14:33:47 +0800 (+0800), Thomas Goirand wrote:
>> Has anyone thought about having a PGP key signing party during the
>> summit?
> [...]
> 
> I'm preparing some documents to help socialize an OpenPGP web of
> trust amongst our Release Cycle Management team members, with a hope
> of getting a strong set of validated signatures between each of us
> while we're in Hong Kong. This documentation will be similar to
> (essentially a superset of) the current key signing
> recommendations/consensus within the Debian developer community as
> well as from some other relevant sources. There are improvements I'm
> eager to make to our release processes and automation which will
> hinge on a solid web of trust, initially amongst those participating
> in release processes (signing git tags, attesting to tarballs and so
> on) but ultimately strengthened by extending that trust throughout
> the contributor base and our downstream consumers.
> 
> My current goal is to organize an official key-signing party for the
> entire community at the "J" summit--but I expect it to be a fairly
> large event and would want a time slot for it which didn't overlap
> with any design sessions--so we'll need to plan it fairly far in
> advance. I still intend to have key management and key signing
> recommendations published for the benefit of the OpenStack developer
> community in the coming weeks (in time for the Icehouse summit in
> Hong Kong), and encourage people to validate and sign each other's
> keys at any opportunity. I personally will be happy to make time
> between sessions and at evening events to exchange key fingerprints
> and show/check passports with anyone who is interested, and hope
> others will do the same.

Hi Jeremy,

I would suggest that you get in touch with DKG (hereby, CC:-ed), who is
the pgp person normally organizing the key-signing events at Debconf. I
am sure he will be able to point out the relevant documents explaining
how this should work.

Thomas Goirand (zigo)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

iEYEARECAAYFAlI9RikACgkQl4M9yZjvmkm60gCg4eWAm1o61IdKw5g2f5ZqoSKh
5CYAn1Pjk9G83SqjrqfqzfZZ5tCzEyAA
=m/0R
-----END PGP SIGNATURE-----

More information about the OpenStack-dev mailing list