From kde-devel Sat Jun 01 00:49:58 2002 From: Marc Mutz Date: Sat, 01 Jun 2002 00:49:58 +0000 To: kde-devel Subject: [LinuxTag] PGP keysigning event Friday, June 7th @ 17:00 X-MARC-Message: https://marc.info/?l=kde-devel&m=102289323008037 =2D----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi! Since it seems that KDE people who attend LinuxTag will be there at least on Friday, I've arranged a workshop slot to hold a keysigning event of Friday, 17:00 in room R 2.05[1]. Judging from last year, I'd expect more than 50 people attending the keysigning, mostly Debian guys. Together with the opportunites outside this event, expect to use up your 100 copies of gpg --with-fingerprint --list-keys This is no joke! Last year, I had 80 copies and that was definitely not enough. That doesn't mean you'll get that much signatures, though. Last year I acquired ~20 sigs. That was enough to boost me into the top100 of best-connected PGP keys (see pgp.dtype.org/keyanalyze)! I hope to see the majority of KDE people with PGP keys there. I know of approx. KDE 30 people coming to LinuxTag this year that have a PGP key. I have compiled a list of KDE people of which I know or think that they have PGP keys and this list has 41 entries. Of the 700+ people in bugs/accounts, at least 100 have pgp keys (I have a listing containing 554 lines, but that contains duplicates, e.g. my key comes up with five lines, since I have five UIDs). I'd also like to repeat once more that Heise Verlag will have a booth on LinuxTag again. They, too, will sign keys, but you have to send your public key to them before LT or give to them on a floppy there. Getting signed by Heise means that your key becomes instantly verifyable to _all_ people in (at least) Germany, since Heise publishes it's keys' fingerprint in every issue of c't. The recent breaking into a popular IRC client's download server and installing changed tarballs containing a trojan in the configure script should open everyone's eyes that KDE, too, should start signing it's tarballs. With some of the most central people in KDE having or even actively using PGP keys we have a good starting point. But we need a web-of-trust, too. There's no better way to build one's WoT than going to this keysigning event. Esp. the release dudes should see that they get a signature from Heise, so that users can actually verify the signatures on tarballs. http://www.infodrom.org/Debian/events/LinuxTag2002/workshops.php3 http://www.infodrom.org/Debian/events/LinuxTag2002/workshop.php3?room=3DWS+= 1&day=3D2002-06-07&time=3D17:00 Hope to see you there. Remember: A PGP key without signatures is worthless. Thanks for listening, Marc [1] That's one of the two workshop/BOF session rooms. =2D -- Marc Mutz =2D----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE8+Bo23oWD+L2/6DgRAq6lAKCQlxAkb5sslrLyo6p7EnfmKu/daQCg3ZoS 9F5kZZjvtJG6SrTVh0fYFFk=3D =3D8El4 =2D----END PGP SIGNATURE----- >> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<