[openstack-dev] PGP keysigning party for Juno summit in Atlanta?

Thomas Goirand zigo at debian.org
Sun Mar 30 06:32:55 UTC 2014

On 03/30/2014 10:00 AM, Mark Atwood wrote:
> Hi!
> Are there plans for a PGP keysigning party at the Juno Summit in
> Atlanta, similar to the one at the Icehouse summit in Hong Kong?
> Inspired by the URL at
> https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Icehouse_Summit
> I looked for 
> https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit
> to discover that that wiki page does not yet exist and I do not have
> permission to create it.
> ..m

If there's none, then we should do one.

One thing about last key signing party, is that I didn't really like the
photocopy method. IMO, it'd be much much nicer to use a file, posted
somewhere, containing all participant fingerprints. To check for that
file validity, together, we check for its sha256 sum (someone say it out
loud, while everyone is checking for its own copy). And everyone,
individually, checks for its own PGP fingerprint inside the file. Then
we just need to validate entries in this file (with matching ID documents).

Otherwise, there's the question of the trustability of the photocopy
machine and such... Not that I don't trust Jimmy (I do...)! :)

Plus having a text file with all fingerprints in it is more convenient:
you can just cut/past the whole fingerprint and do gpg --recv-keys at
once (and not just the key ID, which is unsafe because prone to
brute-force). That file can be posted anywhere, provided that we check
for its sha256 sum.

I would happily organize this, if someone can find a *quite* room with
decent network. Who can take care of the place and time?

Of course, We will need need the fingerprints of every participant in
advance, so the wiki page would be useful as well. I therefore created
the wiki page:

Please add yourself. We'll see if I can make it to Atlanta, and organize
something later on.


Thomas Goirand (zigo)

More information about the OpenStack-dev mailing list