GPG signing is our preferred method of establishing authenticity of anything ranging from mails to release tarballs/tags. To make this easy to verify and trustworthy it is useful to have yourself wired into the KDE web of trust (i.e. get your key signed by other KDE contributors).
If you are release manager of a project or a distribution packager it is highly recommended that you attend this BoF to get yourself wired into the release web of trust which makes tarball signature verification a lot easier.
There's lots of good guides on GPG in general and key signing in specific out on the internet, it is recommended you read up on this a bit. We'll only explain the process in broad strokes at the BoF. If you have questions you can send a mail to [email protected]
How This Works - READ THIS!
Add the name and email address of your key as well as the fingerprint below. Tuesday morning at 10:00 Harald is going to do a print out for all listed attendants. If you would like to do your own print out, please send a mail to [email protected]. If you are not listed by Tuesday morning you'll have to pay 900 Euros penalty (increased from 2017 because of inflation and Brexit uncertainties)! Please make sure that you send a mail if you add yourself after the deadline.
To get your key fingerprint, you'll want to run gpg or gpg2 with the --fingerprint argument and your name or short ID.
gpg2 --fingerprint Sitter
Make sure to bring an ID card or preferably a passport so we can verify you are who you claim to be at the BoF.
|Key OK||Name <EMail>||Fingerpint||ID OK|
|☐||Harald Sitter <[email protected]>||CB93 8752 1E1E E012 7DA8 0484 3FDB B550 84CC 5D84||☐|
|☐||Bhushan Shah <[email protected]>
Bhushan Shah <[email protected]>
|0AAC 775B B643 7A8D 9AF7 A3AC FE07 8411 7FBC E11D||☐|
|☐||Elvis Angelaccio <[email protected]>||F07D 85CA A18A CF46 A346 FD01 7C7F C6EA 8633 B4EA||☐|
|☐||Stefan Derkits <[email protected]>||E676 487A F993 5EE7 FB42 DDF9 959B C031 5FCD 8062||☐|
|☐||Andre Heinecke <[email protected]>
Andre Heinecke <[email protected]>
|94A5 C9A0 3C2F E5CA 3B09 5D8E 1FDF 723C F462 B6B1||☐|
|☐||Andre Heinecke (Release Signing Key)||5B80 C575 4298 F0CB 55D8 ED6A BCEF 7E29 4B09 2E28||☐|
|☐||Johannes Zarl-Zierl <[email protected]>
Johannes Zarl <[email protected]>
|D7B0 1148 9F51 2947 2F7E A1C8 DB12 106E 8B7E BB88||☐|
|☐||Your Name <[email protected]>||1234 1234 1234 FINGER PRINT||☐|