The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Keysigning at Linux congress in Wuerzburg

Having heard nothing from the congress organisers, it looks like we're going
to have to do it ourselfs.

Date: thursday (first day)
Time: 4.30 p.m. (birds of a feather session time)
Place: ?

On May 5, J.H.M.Dassen wrote
> As for how it'll work, here's a proposition (mind you, I've never organised
> anything like this before, so please comment on possible holes); for
> security reasons, it will be "off-line" signing (thus not requiring you to
> bring/find a trusted system).
> 
> - BEFORE the congress, make sure an up to date version of your public key
>   is available in the developer's keyring and the regular PGP servers.
>   Make sure that
>   - it is self-signed.
>   - it includes your debian.org email address if you use that to sign
>     packages.
> - to the congress, take with you
>   - government-issued ID (must have full name and photograph), e.g. 
>     passport or driver´s license. [*]
>   - a suffient number (10?) of printouts containing
>     - your full name or net.identity
>     - your preferred email address
>     - your PGP key fingerprint with all the userids you use (esp. the
>       debian.org one if you use it).
>     - your full PGP public key (ASCII-armored).
>     - (optionally) your photograph
> - at, or after the congress,
>   - sign the keys you've verified, and mail them (ASCII-armored) to their
>     owner.
>   - after receiving the expected signatures, mail you updated key to Igor
>     for the developer's keyring, and to the regular PGP servers.

I've asked Theodore Ts'o about his setup:

|Hi there, here's the procedure that I normally follow, in the form of
|the e-mail notice which I typically mail out a few weeks in advance of
|the IETF meeting.  I've cc'ed this mesage to the Kongress organizers, to
|see if they would be willing to schedule a key signing session.
|
|It really is somethign which has to be planned in advance, since the
|attendees need to send in their PGP public keys in advance.

This is not a problem for us; Igor has an up-to-date keyring.

|Hopefully
|we can get a e-mail message out to everyone who has registered for the
|Kongress so that they can have a chance to participate if they choose.

|To: IETF-Announce:;@ietf.org
|Subject: IETF PGP Key Signing Party announcement

|Once again, we will be holding a PGP Key signing party at the IETF
|meeting in Memphis.  We have been scheduled to meet at 2230 (10:30pm) on
|the evening of Wednesday, April 9, 1997, in the Lansdown room. The
|procedure we will use is the following:
|
|o People who wish to participate should email an ASCII extract of their
|  PGP public key to <tytso@mit.edu> by 6:00pm on Wednesday of the week
|  of the IETF meeting. Please include a subject line of "IETF PGP
|  KEY".  (The ASCII key extract can be gereated using pgp -kxa)
|
|  Sending your key to me before the IETF meeting is appreciated, since
|  it reduces the number of keys that I have to collect during the
|  meeting. (In fact, why don't you send me your key right now if you
|  know will be attending, so you won't forget?)
|
|o By 10pm on Wednesday, you will be able to ftp a complete key ring
|  from tsx-11.mit.edu with all of the keys that were submitted; it will
|  be in the file /pub/tytso/ietf.asc and /pub/tytso/ietf.pgp.

Our debian-keyring covers this.

|o At 10:30pm, come prepared with the PGP Key fingerprint of your PGP
|  public key; we will have handouts with all of the key fingerprints of
|  the keys that people have mailed in.

I will provide these.

|o In turn, readers at the front of the room will recite people's keys;
|  as your key fingerprint is read, stand up, and at the end of reading
|  of your PGP key fingerprint, acknowledge that the fingerprint as read
|  was correct.
|
|o Later that evening, or perhaps when you get home, you can sign the
|  keys corresponding to the fingerprints which you were able to verify
|  on the handout; note that it is advisable that you only sign keys of
|  people when you have personal knowledge that the person who stood up
|  during the reading of his/her fingerprint really is the person which
|  he/she claimed to be.

In our case, we'll have passports to claim identity.

|o Submit the keys you have signed to the PGP keyservers. A good one to
|  use is the one at MIT: simply send mail containing the ascii armored
|  version of your PGP public key to <pgp@pgp.mit.edu>.
|
|Note that you don't have to have a laptop with you; if you don't have
|any locally trusted computing resources during the key signing party,
|you can make notes on the handout, and then take the handout home and
|sign the keys later.

I'll be off the net from Friday onwards; please send any comments before
then.

Greetings,
Ray
-- 
PATRIOTISM  A great British writer once said that if he had to choose 
between betraying his country and betraying a friend he hoped he would
have the decency to betray his country.                                      
- The Hipcrime Vocab by Chad C. Mulligan 


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .