On 10/16/2017 07:19 PM, Peter Maydell wrote:
> It looks like at least five people whose keys I'd like to sign
> are going to be at KVM Forum this year, so it seems worth having
> a proper key signing party rather than just me ad-hoc finding
> people and checking their ID. I am particularly interested
> in signing keys for people who are or expect they might be
> sending me pull requests.

Thanks again to Peter for hosting this key signing party.

Now that the 14 participants (presumably) have the paper with 2 checkmarks per entry (one that the person claiming the key(s) read their personal notation and it matched what your master sheet says, the other that you were happy with the ID provided by that person), the next step is to sign those 16 keys and either upload your signature, or to send an encrypted mail to the key owner and have them upload your signature. The latter is arguably a better assurance that the system worked; the pius application can help with that, although it is not mandatory and you can use direct gpg commands instead.

(For those following along that were not in the party, yes, we had 2 more keys than participants, as a couple of participants had 2 keys that they wanted signed.)

I'm attaching a bash script that I used to see which signatures I still need to follow up on (both where someone has not yet signed my key, and where I need to send my signature to someone); as usual, please double-check it before blindly running it.

If you want more help running pius for signing and sending the signed key to a particular recipient, see a previous mail of mine on the topic:
https://lists.gnu.org/archive/html/qemu-devel/2013-11/msg01477.html

--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
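
One way to do the follow-up check the message describes, as an added example: this is not the attached script, which is not reproduced on this page. It parses `gpg --with-colons --list-sigs` output; the function names `follow_up` and `sample_listing` and every key ID and name in the sample are constructed, and a key counts as signed if any of its user IDs carries the signature.

```shell
#!/bin/bash
# Added example: key signing party follow-up from gpg's colon listing.
# Field 1 is the record type; field 5 is the long key ID (on a "sig"
# record it is the signer's key ID).

# follow_up MYKEYID: reads a colon listing on stdin and prints one line
# per outstanding action: "to-sign ID" (my signature is missing on ID)
# or "awaiting ID" (ID's signature is missing on my key).
follow_up() {
    awk -F: -v me="$1" '
        $1 == "pub" { cur = $5; order[++n] = cur }
        # Record third-party signatures only; self-signatures are skipped.
        $1 == "sig" && cur != "" && $5 != cur { signed[cur, $5] = 1 }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (k == me) continue
                if (!((k, me) in signed)) print "to-sign " k
                if (!((me, k) in signed)) print "awaiting " k
            }
        }'
}

# Constructed sample listing: my key (AAAA...) plus four party keys.
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:AAAA000000000001:1500000000:::u:::scESC:
uid:u::::1500000000::::Me <me@example.org>:
sig:::1:AAAA000000000001:1500000000::::Me <me@example.org>:13x:
sig:::1:DDDD000000000004:1509000000::::Dana <dana@example.org>:10x:
sig:::1:EEEE000000000005:1509000000::::Eli <eli@example.org>:10x:
pub:f:4096:1:BBBB000000000002:1500000000:::-:::scESC:
uid:f::::1500000000::::Bo <bo@example.org>:
sig:::1:BBBB000000000002:1500000000::::Bo <bo@example.org>:13x:
sig:::1:AAAA000000000001:1509000000::::Me <me@example.org>:10x:
pub:-:4096:1:CCCC000000000003:1500000000:::-:::scESC:
uid:-::::1500000000::::Cy <cy@example.org>:
sig:::1:CCCC000000000003:1500000000::::Cy <cy@example.org>:13x:
pub:-:4096:1:DDDD000000000004:1500000000:::-:::scESC:
uid:-::::1500000000::::Dana <dana@example.org>:
sig:::1:DDDD000000000004:1500000000::::Dana <dana@example.org>:13x:
pub:f:4096:1:EEEE000000000005:1500000000:::-:::scESC:
uid:f::::1500000000::::Eli <eli@example.org>:
sig:::1:EEEE000000000005:1500000000::::Eli <eli@example.org>:13x:
sig:::1:AAAA000000000001:1509000000::::Me <me@example.org>:10x:
EOF
}

sample_listing | follow_up AAAA000000000001
```

Against a real keyring, pipe `gpg --with-colons --list-sigs` for your own key and the party keys into `follow_up` with your long key ID. `--list-sigs` only lists signatures; `--check-sigs` also verifies them and reports the result in field 2 of each `sig` record.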