You are viewing a plain text version of this content. The canonical link for it is here.
Posted to attendees@apachecon.com by Sander Temme <sa...@temme.net> on 2004/11/03 07:30:04 UTC
ApacheCon 2004 PGP Keysigning Announcement
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear fellow ApacheCon attendee,
This is the invitation to participate in the ApacheCon 2004 PGP
Keysigning Event. If you would like to be a part of this, please
e-mail your public key to me for inclusion in the list.
At the Keysigning Event, you will mutually verify each other's
identity and ownership of your PGP public keys. Signing other
participants' keys based on this verification allows you to extend
your web of trust, and perhaps to encompass the keys that the
Apache developers use to sign releases.
Subject to ApacheCon planning and scheduling, the Keysigning Event
will take place on Monday, November 15 2004 at 7:30 PM at the ApacheCon
venue. A specific room will be announced at the conference.
P R E P A R A T I O N
1) E-mail your key to me at the above address <sa...@temme.net>
before midnight (eastern US time), Wednesday, November 10.
2) I will compile a list of the fingerprints of all the keys I
receive and make this list available for download. You will
receive an e-mail message with the download URL. For convenience,
a keyring containing all the keys on the list will be made
available as well.
3) You download the list, take its SHA-1 checksum(1), print out a
hardcopy of both the list and the checksum and bring those to the
conference. This is very important: no physical copies of the list
will be available at the keysigning event.
4) Verify that your entry in the list is correct.
W H A T T O B R I N G
1) The printed list
2) Your checksum of the downloaded list file
3) A pen. Or two. Maybe different colors. Go to town.
4) Some form of ID... passport, driver's license, unique pheromone
pattern, anything that will convince your fellow participants
of your identity. Note that it is up to each participant's
judgement whether your ID has been sufficiently verified to sign
your key.
5) No computer.
No computer? No. Don't bring your computer to the event. No keys are
actually signed at the event. Really paranoid fellow participants
will point to the dangers of shouldersurfing for your private key
passphrase, and the presence of computers at the signing event would
interfere with the smooth progress thereof. We all spend too much
time with our computers anyway.
More information on the event can be found at the ApacheCon Wiki:
http://wiki.apache.org/ApacheCon/PgpKeySigning
Mail me your key! Today! Hope to see you at ApacheCon!
Regards,
Sander Temme
(1) To take the SHA-1 checksum of a file on a Linux system, run the
command 'openssl sha1 <filename>'. The openssl command is also
available on MacOSX. On Windows, OpenSSL is available as part of
the Cygwin package. An alternative location for a SHA-1 hash
program may be found at the following URL:
http://www.handyarchive.com/free/sha-1/ (not tested).
- --
sander@temme.net http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQA/AwUBQYh67bK+vEAVKSSvEQJobgCgpkPckbb97Ep5iwNRDKxSGDjz77UAoO8P
1E2Dokb/5IOI8hb9dITkaoFh
=Mg45
-----END PGP SIGNATURE-----
Re: ApacheCon 2004 PGP Keysigning Announcement
Posted by Rodent of Unusual Size <Ke...@Golux.Com>.
-----BEGIN PGP SIGNED MESSAGE-----
Sander Temme wrote:
>
> P R E P A R A T I O N
>
> 1) E-mail your key to me at the above address <sa...@temme.net>
Do *NOT* just hit 'reply', because your message will *not* go
to Sander. You need to enter his address explicitly.
- --
#ken P-)}
Ken Coar, Sanagendamgagwedweinini http://Ken.Coar.Org/
Author, developer, opinionist http://Apache-Server.Com/
"Millennium hand and shrimp!"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQCVAwUBQYlahJrNPMCpn3XdAQG4ZgQAoFKBzIvx0fUc9yOv18DZ/d8z2DWxiCkK
78qyGUSg0cBc/EsfSNst/7GDLsPsh0uNc2G0EEpZei1SRbXFOMwZl3bb0BJh0YDb
NzzqrDR3rrUrEESx5qB56S4LCEGZw45bQ6tX1Pp26lQcVbXGkVtg3QNTpmokszjI
LciSoA57nTY=
=LOPw
-----END PGP SIGNATURE-----