Jump to content

Akademy/2019/GPGKeys: Difference between revisions

From KDE Community Wiki
Sitter (talk | contribs)
Created page with "= Why = GPG signing is our preferred method of establishing authenticity of anything ranging from mails to release tarballs/tags. To make this easy to verify and trustworthy..."
 
Sitter (talk | contribs)
No edit summary
Line 21: Line 21:
gpg2 --fingerprint Sitter
gpg2 --fingerprint Sitter
</code>
</code>
<br/>
<br/>
''' For the BoF Please: '''
* Bring an ID card or preferably a passport so we can verify you are who you claim to be
* Write down your fingerprint or print it out so you can verify your own fingerprint


'''Make sure to bring an ID card or preferably a passport so we can verify you are who you claim to be at the BoF.'''
Failing to do either will slow down everyone! Help us out and be prepared :)
<br/>
<br/>
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-

Revision as of 11:22, 19 August 2019

Why

GPG signing is our preferred method of establishing authenticity of anything ranging from mails to release tarballs/tags. To make this easy to verify and trustworthy it is useful to have yourself wired into the KDE web of trust (i.e. get your key signed by other KDE contributors).

If you are release manager of a project or a distribution packager it is highly recommended that you attend this BoF to get yourself wired into the release web of trust which makes tarball signature verification a lot easier.

There's lots of good guides on GPG in general and key signing in specific out on the internet, it is recommended you read up on this a bit. We'll only explain the process in broad strokes at the BoF. If you have questions you can send a mail to [email protected]

How This Works - READ THIS!

Add the name and email address of your key as well as the fingerprint below. Tuesday at 12:00 someone is going to do a print out for all listed attendants. If you would like to do your own print out, please send a mail to [email protected]. Please make sure that you send a mail if you add yourself after the deadline. It may be too late or not, but I definitely want to know.

To get your key fingerprint, you'll want to run gpg or gpg2 with the --fingerprint argument and your name or short ID.

For the BoF please make sure you know your fingerprint. For example write it down somewhere, or print it out. We'll ask you to verify that the printed fingerprint is in fact your key, so you want to have it easily accessible.

gpg2 --fingerprint Sitter

For the BoF Please:

  • Bring an ID card or preferably a passport so we can verify you are who you claim to be
  • Write down your fingerprint or print it out so you can verify your own fingerprint

Failing to do either will slow down everyone! Help us out and be prepared :)

Key OK Name <EMail> Fingerpint ID OK
Harald Sitter <[email protected]> CB93 8752 1E1E E012 7DA8 0484 3FDB B550 84CC 5D84
Your Name <[email protected]> 1234 1234 1234 FINGER PRINT