[ClusterLabs] [HA/ClusterLabs Summit] Key-Signing Party, 2017 Edition
jpokorny at redhat.com
Fri Jul 21 21:15:07 CEST 2017
Hello cluster masters :-)
as there's little less than 7 weeks left to "The Summit" meetup
(<http://plan.alteeve.ca/>), it's about time to get the ball
rolling so we can voluntarily augment the digital trust amongst
us the attendees, on OpenGPG basis.
Doing that, we'll actually establish a tradition since this will
be the second time such event is being kicked off (unlike the birds
of the feather gathering itself, was edu-feathered back then):
If there are no objections, yours truly will conduct this undertaking.
(As an aside, I am toying with an idea of optimizing the process
a bit now that many keys are cross-signed already; I doubt there's
a value of adding identical signatures just with different timestamps,
unless, of course, the inscribed level of trust is going to change,
presumably elevate -- any comments?)
* * *
So, going to attend summit and want your key signed while reciprocally
spreading the web of trust?
Awesome, let's reuse the steps from the last time:
Once you have a key pair (and provided that you are using GnuPG),
please run the following sequence:
# figure out the key ID for the identity to be verified;
# IDENTITY is either your associated email address/your name
# if only single key ID matches, specific key otherwise
# (you can use "gpg -K" to select a desired ID at the "sec" line)
KEY=$(gpg --with-colons 'IDENTITY' | grep '^pub' | cut -d: -f5)
# export the public key to a file that is suitable for exchange
gpg --export -a -- $KEY > $KEY
# verify that you have an expected data to share
gpg --with-fingerprint -- $KEY
with IDENTITY adjusted as per the instruction above, and send me the
resulting $KEY file, preferably in a signed (or even encrypted[*]) email
from an address associated with that very public key of yours.
Please, send me your public keys *by 2017-09-05*, off-list and
best with [key-2017-ha] prefix in the subject. I will then compile
a list of the attendees together with their keys and publish it at
so it can be printed beforehand.
[*] You can find my public key at public keyservers:
Indeed, the trust in this key should be ephemeral/one-off
(e.g. using a temporary keyring, not a universal one before we
proceed with the signing :)
* * *
Thanks for your cooperation, looking forward to this side stage
(but nonetheless important if release or commit signing is to get
traction) happening and hope this will be beneficial to all involved.
See you there!
 for instance, see:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 819 bytes
Desc: not available
More information about the Users