[uds-announce] Keysigning party UDS-Q - Keyring and printouts available
Iain Lane
laney at ubuntu.com
Thu May 10 22:36:17 UTC 2012
Hi,
On Thu, May 10, 2012 at 02:26:26PM -0700, Geoffrey Thomas wrote:
> Can you include full fingerprints in the text file, not just the
> 32-bit key ID? I cannot guarantee that Asheesh will not go create a
> key with ID 5C413520 by the time we all get back to our computers to
> sign keys... :-)
Yes, please. Also the format could be improved to make it easier to work
with, like those we had at previous UDS
http://people.canonical.com/~sconklin/ksp-maverick/ksp-file.txt
but this isn't so crucial.
> Alternatively, should we be verifying our fingerprint in the keyring
> right now, and can we have a reading of the SHA-1 sum of the keyring
> in addition to the text file?
It's not so reliable to do this, since there are enough places in a GPG
keyring (and a bz2 file) that arbitrary data can be stuffed in order to
generate a collision if someone so desired.
If everyone verifies their full fingerprint in the text file is correct
and also makes sure to verify this when signing then we only need to
read the checksums of the file. It also cuts down on the time that the
KSP takes.
Cheers,
--
Iain Lane [ iain at orangesquash.org.uk ]
Debian Developer [ laney at debian.org ]
Ubuntu Developer [ laney at ubuntu.com ]
PhD student [ ial at cs.nott.ac.uk ]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/uds-announce/attachments/20120510/7c729cd1/attachment.pgp>
More information about the uds-announce
mailing list