[LinuxTag] PGP keysigning event Friday, June 7th @ 17:00

Marc Mutz mutz at kde.org
Sat Jun 1 01:49:58 BST 2002

Hash: SHA1


Since it seems that KDE people who attend LinuxTag will be there at
least on Friday, I've arranged a workshop slot to hold a keysigning
event of Friday, 17:00 in room R 2.05[1].

Judging from last year, I'd expect more than 50 people attending the
keysigning, mostly Debian guys.
Together with the opportunites outside this event, expect to use up your
100 copies of
  gpg --with-fingerprint --list-keys <your key id>
This is no joke! Last year, I had 80 copies and that was definitely not
enough. That doesn't mean you'll get that much signatures, though. Last
year I acquired ~20 sigs. That was enough to boost me into the top100
of best-connected PGP keys (see pgp.dtype.org/keyanalyze)!

I hope to see the majority of KDE people with PGP keys there. I know of
approx. KDE 30 people coming to LinuxTag this year that have a PGP key.

I have compiled a list of KDE people of which I know or think that they
have PGP keys and this list has 41 entries. Of the 700+ people in
bugs/accounts, at least 100 have pgp keys (I have a listing containing
554 lines, but that contains duplicates, e.g. my key comes up with five
lines, since I have five UIDs).

I'd also like to repeat once more that Heise Verlag will have a booth on
LinuxTag again. They, too, will sign keys, but you have to send your
public key to them before LT or give to them on a floppy there. Getting
signed by Heise means that your key becomes instantly verifyable to
_all_ people in (at least) Germany, since Heise publishes it's keys'
fingerprint in every issue of c't.

The recent breaking into a popular IRC client's download server and
installing changed tarballs containing a trojan in the configure script
should open everyone's eyes that KDE, too, should start signing it's
tarballs. With some of the most central people in KDE having or even
actively using PGP keys we have a good starting point. But we need a
web-of-trust, too. There's no better way to build one's WoT than going
to this keysigning event. Esp. the release dudes should see that they
get a signature from Heise, so that users can actually verify the
signatures on tarballs.


Hope to see you there. Remember: A PGP key without signatures is

Thanks for listening,

[1] That's one of the two workshop/BOF session rooms.

- --
Marc Mutz <mutz at kde.org>
Version: GnuPG v1.0.7 (GNU/Linux)


More information about the kde-core-devel mailing list