[uds-announce] Keysign party - Keyring and txt file clarifications
Evan Broder
evan at ebroder.net
Thu Nov 3 21:47:58 UTC 2011
The md5sums and sha1sums that were sent out initially are fine if you
strip the GPG signature from the text printout. Which is fine -
there's no reason to sign those text files. I would in fact prefer
that the file wasn't signed.
If each person verifies that the hash of the file on their computer
matches the hash printed on the sheet of paper, then we collectively
agree that the hashes on our sheets of paper are the same, we can all
be sure that the files on our computers are the same.
If I then tell you that my GPG fingerprint *in my file* (not on my
paper) is accurate, you can be sure that the finger print in *your*
file is also accurate.
At the end of the day, the paper is a convenient way to avoid us all
having to carry our laptops around, but ideally shouldn't be treated
as an authoritative source for any information but the hash of the
file on our computers.
On Thu, Nov 3, 2011 at 5:28 PM, Marc Cluet <marc.cluet at ubuntu.com> wrote:
> Just write down the new checksums, we'll recite them at the beginning of the meeting :)
>
>
> On 3 Nov 2011, at 17:20, Jonathan Carter (highvoltage) wrote:
>
>> On 11-11-03 05:18 PM, Marc Cluet wrote:
>>> Just for everyone coming to the keysign party.
>>>
>>> There was a mistake from my part creating the keyring file, I've just uploaded right now a new one and redid the MD5 and SHA1 hashes.
>>>
>>> Apologies for the mistake and thanks to Dave Martin to point the error out :)
>>
>> So does this mean I have to get a new sheet somewhere or should I just
>> write down the new md5sums/sha1sums?
>>
>> -Jonathan
>
>
>
> --
> uds-announce mailing list
> uds-announce at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/uds-announce
>
More information about the uds-announce
mailing list