Category Archives: pgp
I’ve got around to the most tedious post-FOSDEM chore: keysigning. Last night I signed 89 keys verified at the keysigning, and this morning I imported a bunch of signatures people have mailed me (though I expect the latter may continue arriving for a while). All great for building a web of trust, especially in terms of bootstrapping the new 4096-bit key.
The FOSDEM keysigning event itself was … different. It took place outdoors, with a gusting wind that made wielding a wodge of paper quite challenging, let alone writing on it, all the while with an extra hand required to exchange identity documents with everyone. At least it didn’t rain!
This year’s FOSDEM weekend was quite mild for early February – in contrast to the past two years. I was fine in just my middling-weight fleece and good layer of natural organic insulation, but then I’m always fine when others are shivering. It was evidently a bit more of an ordeal for some from warmer climes, leaving one with a hint of a moral dilemma. Surely as a gentleman I should go to the aid of the (very attractive) spanish girl who was visibly suffering from cold/wind? But alas, that defeats the purpose of being out there in the first place, not to mention being open to …. interpretation. Maybe I’ll take Don Quixote to next year’s FOSDEM, to be mentally prepared for chivalrous folly
If anyone thinks I should have signed their key but haven’t, feel free to drop me a line. If it’s because I didn’t in fact make a note of having verified your identity, then sorry, no deal. But it could also be that I overlooked someone when reviewing my notes last night, in which case I’ll be happy to re-check the notes for the tick against your key.
I’ve booked my travel and hotel for FOSDEM. Arriving Friday early evening, leaving Monday after lunch, so I have a few hours beyond the core event. Hope to meet some of my readers in person next weekend in Brussels!
In preparation for FOSDEM, I uploaded my PGP key to FOSDEM’s server for the keysigning – assuming I make it this year! And in doing so, I found a spare round tuit to generate a new 4096-bit key in anticipation of a time when Moore’s law overtakes my existing 1024-bit key. My new key has number B87F79A9 and fingerprint
3CE3 BAC2 EB7B BC62 4D1D 22D8 F3B9 D88C B87F 79A9
and should by now be propagating its way around the keyservers, along with my signature with the old key.
This year I’ll be actively looking at the jobs desk, for anyone whose needs might fit my expertise and aspirations.
We had a very small keysigning last Wednesday at ApacheCon (thanks Jean-Frederic Clere for organising it). I exchanged identity details with about 20 others, many of whom I already know.
Today I got around to digging up my list of details, and signing 11 keys I hadn’t already signed from some earlier event. If you were there and I got your details, my signature on your key should now appear on the keyservers.
As ever at ApacheCon, Sander Temme organised a PGP keysigning party. This year (unlike last) I got my arse into gear in time to make it. There are some new signatures on my key. And I’ve just been through signing keys of people whose identities I confirmed, and who I hadn’t already signed. A few of them were surprising: people whose keys I’d have guessed I’d already signed. And one who needed a new key signing, as the one I’d signed previously was on a laptop that got stolen, so he revoked it.
The keys I’ve signed, I’ve uploaded to the keyservers. Generating ascii-armoured signatures and mailing them to people is more faff than I want to engage in just now