* [Qemu-devel] Key signing party at KVM Forum 2017
@ 2017-10-16 17:19 Peter Maydell
  2017-10-20 11:22 ` Igor Mammedov
  2017-10-27 19:36 ` Eric Blake
  0 siblings, 2 replies; 4+ messages in thread
From: Peter Maydell @ 2017-10-16 17:19 UTC (permalink / raw)
  To: QEMU Developers

It looks like at least five people whose keys I'd like to sign
are going to be at KVM Forum this year, so it seems worth having
a proper key signing party rather than just me ad-hoc finding
people and checking their ID. I am particularly interested
in signing keys for people who are or expect they might be
sending me pull requests.

How it works: if you want to take part:

 (1) you MUST EMAIL ME your key info, as produced by
"gpg --fingerprint [your-key-ID-here]", by this Friday (Oct 20th)
at the latest. (I will be printing this stuff out and won't have
access to a printer after that. No late submissions please!)

 (2) you will need to BRING WITH YOU:
 a) positive (government-issued) photo ID, eg a passport
 b) a printed out copy of your key info
    (independently of what you send me)
 c) a pen or pencil
 Don't attempt to bring or use a computer!

https://wiki.qemu.org/KeySigningParty
has the details of how this will work; there will be a lot of
chanting of hex digits. It's a bit odd but by following the
process we can get through a big group of people checking
key IDs more quickly.

I plan to do this in the Thursday 17:30 BoF session slot,
unless somebody wants to suggest a better timeslot.

thanks
-- PMM


* Re: [Qemu-devel] Key signing party at KVM Forum 2017
  2017-10-16 17:19 [Qemu-devel] Key signing party at KVM Forum 2017 Peter Maydell
@ 2017-10-20 11:22 ` Igor Mammedov
  2017-10-27 19:36 ` Eric Blake
  1 sibling, 0 replies; 4+ messages in thread
From: Igor Mammedov @ 2017-10-20 11:22 UTC (permalink / raw)
  To: qemu-devel

Hi Peter,

here is my key fingerprint for key signing party if it's not too late

pub   4096R/F14191D4 2017-10-20
      Key fingerprint = 23B8 11E7 7EFB D339 50AE  0D43 5BCA 8AE0 F141 91D4
uid                  Igor Mammedov <imammedo@redhat.com>
sub   4096R/91ED3DB8 2017-10-20


* Re: [Qemu-devel] Key signing party at KVM Forum 2017
  2017-10-16 17:19 [Qemu-devel] Key signing party at KVM Forum 2017 Peter Maydell
  2017-10-20 11:22 ` Igor Mammedov
@ 2017-10-27 19:36 ` Eric Blake
  2017-10-27 20:19   ` Eric Blake
  1 sibling, 1 reply; 4+ messages in thread
From: Eric Blake @ 2017-10-27 19:36 UTC (permalink / raw)
  To: Peter Maydell, QEMU Developers


[-- Attachment #1.1: Type: text/plain, Size: 1843 bytes --]

On 10/16/2017 07:19 PM, Peter Maydell wrote:
> It looks like at least five people whose keys I'd like to sign
> are going to be at KVM Forum this year, so it seems worth having
> a proper key signing party rather than just me ad-hoc finding
> people and checking their ID. I am particularly interested
> in signing keys for people who are or expect they might be
> sending me pull requests.

Thanks again to Peter for hosting this key signing party.

Now that the 14 participants (presumably) have the paper with 2
checkmarks per entry (one that the person claiming the key(s) read their
personal notation and it matched what your master sheet says, the other
that you were happy with the id provided by that person), the next step
is to sign those 16 keys and either upload your signature, or to send an
encrypted mail to the key owner and have them upload your signature.
The latter is arguably a better assurance that the system worked; the
pius application can help with that, although it is not mandatory and
you can use direct gpg commands instead. (For those following along that
were not in the party, yes, we had 2 more keys than participants, as a
couple of participants had 2 keys that they wanted signed)

I'm attaching a bash script that I used to see which signatures I still
need to follow up on (both where someone has not yet signed my key, and
where I need to send my signature to someone); as usual, please
double-check it before blindly running it.

If you want more help running pius for signing and sending the signed
key to a particular recipient, see a previous mail of mine on the topic:

https://lists.gnu.org/archive/html/qemu-devel/2013-11/msg01477.html

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org

[-- Attachment #1.2: cross-sign --]
[-- Type: text/plain, Size: 1764 bytes --]

#!/bin/bash
# Cross-check for key-signing party followup
# Currently tuned for KVM Forum 2017

ME=${0##*/}

case $# in
  1) my_id=$1 ;;
  *) echo "Usage: $ME YOUR_GPG_KEY_ID" 1>&2; exit 1;;
esac

: ${use_temp_keyring=y}
: ${refresh=y}

# Key IDs of the people who participated in the kvm gpg key-signing.
keys='
be86ebb415104fdf
a7a16b4a2527436a
b90bc7abe7c41e65
0d8721d82838c7d8
0516331ebc5bfde7
ad1270cc4dd0279b
64df38e8af7e215f
9ca4abb381ab73c8
71d4d5e5822f73d6
dae8e10975969ce5
5bca8ae0f14191d4
3c2525ed14360cde
df32e7c0f0fff9a2
f407db0061d5cf40
7f09b272c88f2fd6
ca35624c6a9171c6
'

# Given gpg --list-sig ... output, print only those lines that start
# with "uid" and contain an "@"; print each unique name only once.
uid_name_filter() { grep '^uid.*@' | sort -t'<' -u -k1,1 |
			sed 's/^uid[[:space:]]*/  /'; }

if test "$use_temp_keyring" = y; then
  # Create a temporary directory in which to download keys.
  export GNUPGHOME=$(mktemp -d)

  # Remove it upon interrupt and upon normal termination.
  for sig in 1 2 3 13 15; do eval "trap 'exit $(expr $sig + 128)' $sig"; done
  trap 'rm -fr "$GNUPGHOME"' 0

  # Use a server that's better than the default.
  echo keyserver hkp://pool.sks-keyservers.net > "$GNUPGHOME/gpg.conf"

  # Get latest keys/signatures from key servers.
  gpg --recv-keys $(echo $keys)
else
  test "$refresh" = y \
    && gpg --refresh-keys $(echo $keys)
fi

echo
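echo who appears not to have signed $my_id:
s=$(gpg --list-sig $my_id)
missing=$(for i in $(echo $keys); do echo "$s" | grep -qi $i || echo $i; done)
# With no key arguments, gpg --list-keys prints the whole keyring, so only
# list keys when at least one signature is actually missing.
test -n "$missing" && gpg --list-keys $missing | uid_name_filter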
echo

echo who has not yet uploaded a signature by $my_id on their key:
for i in $(echo $keys); do
  gpg --list-sig $i | grep -qi $my_id || gpg --list-key $i
done | uid_name_filter

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 619 bytes --]
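
The key IDs in the script above are only the low 64 bits of each fingerprint, so the full fingerprint ticked off on paper at the party still has to be compared against the key fetched from the keyserver before signing it. The following is an added example, not part of any message in this thread or of the attached script; the function names and the sample colon listing are constructed for illustration, with the fingerprint taken from the listing posted earlier in the thread.

```sh
#!/bin/sh
# Added example (not from the thread): before certifying a key that was
# fetched by its 64-bit key ID, confirm it carries the full fingerprint
# that was ticked off on the paper sheet. Function names are hypothetical.

# Strip whitespace and upper-case a fingerprint as "gpg --fingerprint" prints it.
normalize_fpr() { printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F'; }

# Read "gpg --with-colons --fingerprint KEY" output on stdin and print the
# primary key's fingerprint: field 10 of the first "fpr" record after "pub".
# The "fpr" records that follow "sub" records (subkeys) are skipped.
primary_fpr() {
  awk -F: '$1 == "pub" { want = 1; next }
           $1 == "sub" { want = 0 }
           $1 == "fpr" && want { print $10; exit }'
}

# check_sheet SHEET_FPR KEY_ID  (colon listing on stdin)
# Succeeds only if the listing's primary fingerprint equals the one on the
# sheet and KEY_ID is that fingerprint's low 64 bits (v4 keys, 40 hex digits).
check_sheet() {
  cs_sheet=$(normalize_fpr "$1")
  cs_id=$(normalize_fpr "$2")
  cs_got=$(primary_fpr)
  [ "${#cs_sheet}" -eq 40 ] && [ "${#cs_id}" -eq 16 ] ||
    { echo "expected a 40-digit fingerprint and a 16-digit key ID" >&2; return 2; }
  [ "$cs_got" = "$cs_sheet" ] ||
    { echo "MISMATCH: keyring has ${cs_got:-no primary key}" >&2; return 1; }
  case $cs_sheet in
    *"$cs_id") return 0 ;;
    *) echo "key ID is not the fingerprint's suffix" >&2; return 1 ;;
  esac
}

# Constructed sample listing: the primary fingerprint and uid are the ones
# posted earlier in this thread; timestamps and the subkey values are
# placeholders made up for this example.
sample_listing() {
  cat <<'EOF'
pub:-:4096:1:5BCA8AE0F14191D4:1508457600:::-:::scESC:
fpr:::::::::23B811E77EFBD33950AE0D435BCA8AE0F14191D4:
uid:-::::1508457600::::Igor Mammedov <imammedo@redhat.com>:
sub:-:4096:1:AAAAAAAAAAAAAAAA:1508457600::::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
EOF
}

# Real use: gpg --with-colons --fingerprint KEY_ID | check_sheet "SHEET_FPR" KEY_ID
```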


* Re: [Qemu-devel] Key signing party at KVM Forum 2017
  2017-10-27 19:36 ` Eric Blake
@ 2017-10-27 20:19   ` Eric Blake
  0 siblings, 0 replies; 4+ messages in thread
From: Eric Blake @ 2017-10-27 20:19 UTC (permalink / raw)
  To: QEMU Developers

[-- Attachment #1: Type: text/plain, Size: 661 bytes --]

On 10/27/2017 09:36 PM, Eric Blake wrote:

> If you want more help running pius for signing and sending the signed
> key to a particular recipient, see a previous mail of mine on the topic:
> 
> https://lists.gnu.org/archive/html/qemu-devel/2013-11/msg01477.html

Unfortunately, on Fedora 26, the current versions of pius and gpg have
an incompatibility that resulted in failure when I tried to use it, so
you may want to wait for the resolution of
https://bugzilla.redhat.com/show_bug.cgi?id=1507152 before trying...

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 619 bytes --]

