[openstack-dev] OpenStack's OpenPGP Web of Trust
Jeremy Stanley
fungi at yuggoth.org
Thu Oct 31 02:15:33 UTC 2013
In an effort to promote broader adoption of OpenPGP throughout the
OpenStack developer community, I've posted a start to some
documentation...
https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust
We've been talking about this for a while, but with the Icehouse
Summit just a few days away I wanted to have some guidelines up
somewhere specific to our community as a place to refer people
asking about key signing and verification. The eventual goal is for
this to document the ways in which we rely on OpenPGP in an official
project capacity (releases, advisories and so on), but in the
meantime it serves to collect some recommendations and links to good
resources on hygienic key management.
I'd love for people already using OpenPGP within our community to
sign each other's keys as opportunities present themselves, since
this activity strengthens and grows a healthy web of trust. A summit
is a great opportunity for exchanging identification and collecting
key fingerprints as many of us will be in the same rooms anyway. I
just wanted to take this as an opportunity to remind everyone who's
planning on being in Hong Kong next week, if you have a key and are
open to some opportunistic signing then don't hesitate to approach
others whom you know also use theirs and inquire whether they have a
moment for you to show each other identification and exchange key
fingerprints.
I hope to see many of you at the summit--and of course feel free to
ask me to sign your key!
--
Jeremy Stanley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 966 bytes
Desc: Digital signature
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131031/5ef700a5/attachment.pgp>
More information about the OpenStack-dev
mailing list