cocoon-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d...@cocoon.apache.org
Subject [Cocoon Wiki] Updated: CocoonGetTogether2004PGP
Date Sat, 02 Oct 2004 02:05:43 GMT
   Date: 2004-10-01T19:05:43
   Editor: DavidCrossley <crossley@apache.org>
   Wiki: Cocoon Wiki
   Page: CocoonGetTogether2004PGP
   URL: http://wiki.apache.org/cocoon/CocoonGetTogether2004PGP

   Add some links to useful resources. Add the "identity" and "trust" components.

Change Log:

------------------------------------------------------------------------------
@@ -1,10 +1,10 @@
+#pragma section-numbers off
+
 = PGP key validation at the GT2004 =
 
 == How it works ==
 The GT is a good occasion to verify each other's PGP key.
 
-Here's how to do it (thanks to Dirk-Willem for the explanation):
-
  * Ensure your fingerprint is at a keyserver (See http://pgp.mit.edu/) for details.
 
  * '''Before''' the day of the event, add your fingerprint and email on this page, i.e. add
the output of:
@@ -17,9 +17,18 @@
 
  * Whenever you meet (or at a special keysigning time) someone who is on the list, then you
can each verify with each other that *your key* on *their printout* is correct. Or in other
words, that their printout really matches your key.
 
- * Then *they* mark an OK next to your name on *their printout*.
+ * It is important to be sure that it is the correct person (the easiest way is to view their
passport). You also need to estimate how much you trust that person to be diligent with following
the proper procedure.
+
+ * Then you can each mark the relevant name on your printed list.
+
+ * Once you get home, you can add/sign each of the fingerprints that you have made a mark
against, after you have fetched them from the keyserver.
+
+ * Do not just automatically sign everyone on the list without proper verification. You must
assert each identity.
 
- * Once you get home, you can add/sign each of the fingerprints you have made a mark against,
after you fetched them from the keyserver.
+== Other resources ==
+ * The GNU Privacy Handbook [http://www.gnupg.org/gph/en/manual.html]
+ * Portrayals of the web of trust [http://www.apache.org/~henkp/trust/apache.html] and [http://www.apache.org/~erikabele/tools/wot/wot.html]
+ * For Apache committers there is a full explanation at cvs://committers/docs/pgp-key-signing.txt
 
 == Key fingerprints ==
 

Mime
View raw message