[openstack-dev] [all] Key signing at the summit?

Thomas Goirand zigo at debian.org
Tue Nov 11 00:26:30 UTC 2014

On 10/27/2014 10:45 PM, Jeremy Stanley wrote:
> If there is interest in doing another Sassaman-Projected Method
> exercise at future events

I really wish we do *not* reproduce what happened in Atlanta.

We had a few seconds to check IDs, and sorry, but I'm not familiar with
most US driver's licenses. It went so fast that I couldn't even catch up
with my printed list checkmarks.

I also usually don't trust government IDs in general, and I very much
prefer to know people, and check that there's others in the project that
can vouch for their identity.

Even better: I usually don't sign *at all* the keys from the people I
wont recognize if I see them again. Otherwise, I don't see the point at
all, if we just sign the keys of everyone in the room. We then better
have just an OpenStack keyring, just like there's a Debian developer
keyring, on which we delegate the trust to some kind of organization
(but this needs to be used for something...).

If we do another key signing party in Vancouver, then I propose that:

1/ We take enough time (1 hour is the bare minimum)
2/ We use that time so we can gather in small groups of people that we
don't know, and take the time to present ourselves to others, and tell
what we do, who we are, etc.

It doesn't mater if we end-up signing a lot less keys. And for those
persons which we know already, it's easy to ask for a fingerprint copy,
and this can take just a few seconds (no need to even check for the
government IDs).


Thomas Goirand (zigo)

More information about the OpenStack-dev mailing list