[Mini-DebConf] Key signing-party list
Christian PERRIER
bubulle at debian.org
Ven 29 Oct 05:41:42 UTC 2010
Quoting Georges Khaznadar (georges.khaznadar at free.fr):
> Thank you Tanguy!
> hello all,
>
> as I did not want to print 13 pages out of the text file Tanguy
> attached, I converted it to a two-column document with tiny fonts with
> PdfLaTeX, here it is:
>
> http://wiki.debconf.org/wiki/Miniconf-Paris/2010#Save_the_trees.21_here_is_a_printout_on_4_pages_for_the_keysigning_party
Thanks for this work, Georges. However, a very important point : if
people use lists instead of exchanging fingerprints, then they need a
way to check the validity of what's in the list
In short, people should have verified their fingerprint in Tanguy's
list, tanguy should compute its MD5 and SHA1 checksums. Then, at some
time during the miniconf, the participants should gather and these
checksums should be read loudly so that everybody verifies that
(s)he has the Right List. Finally, during the face to face signing
process, people have to confirm that they verified their key in the
list and that it matches.
In short, we need *one* reference list and that would be
Tanguy's. Anybody using your file without prior checking by
partyicipants that it contains their right fingerprint will be wrong.
Your work is important, for sure, but it would be better to share the
way you produced this PDF file from Tanguy's text file so that people
can still print a tree-savvy file....but still be sure that they have
the right list.
I hope this is clear..:-)
I would anyway recommend to *still* bring fingerprints (which reminds
me that I should print some!).
-------------- section suivante --------------
Une pièce jointe autre que texte a été nettoyée...
Nom: non disponible
Type: application/pgp-signature
Taille: 836 octets
Desc: Digital signature
URL: <http://france.debian.net/pipermail/asso/attachments/20101029/6e18d3be/attachment.pgp>
More information about the Asso
mailing list