GPG signing is our preferred method of establishing authenticity of anything ranging from mails to release tarballs/tags. To make this easy to verify and trustworthy it is useful to have yourself wired into the KDE web of trust (i.e. get your key signed by other KDE contributors).
If you are release manager of a project or a distribution packager it is highly recommended that you attend this BoF to get yourself wired into the release web of trust which makes tarball signature verification a lot easier.
There's lots of good guides on GPG in general and key signing in specific out on the internet, it is recommended you read up on this a bit. We'll only explain the process in broad strokes at the BoF. If you have questions you can send a mail to [email protected]
How This Works - READ THIS!
Add the name and email address of your key as well as the fingerprint below. Tuesday morning at 10:00 Harald is going to do a print out for all listed attendants. If you would like to do your own print out, please send a mail to [email protected]. If you are not listed by Tuesday morning you'll have to pay 900 Euros penalty (increased from 2017 because of inflation and Brexit uncertainties)! Please make sure that you send a mail if you add yourself after the deadline.
To get your key fingerprint, you'll want to run gpg or gpg2 with the --fingerprint argument and your name or short ID.
gpg2 --fingerprint Sitter
Make sure to bring an ID card or preferably a passport so we can verify you are who you claim to be at the BoF.
|Key OK||Name <EMail>||Fingerpint||ID OK|
|☐||Harald Sitter <[email protected]>||CB93 8752 1E1E E012 7DA8 0484 3FDB B550 84CC 5D84||☐|
|☐||Bhushan Shah <[email protected]>
Bhushan Shah <[email protected]>
|0AAC 775B B643 7A8D 9AF7 A3AC FE07 8411 7FBC E11D||☐|
|☐||Elvis Angelaccio <[email protected]>||F07D 85CA A18A CF46 A346 FD01 7C7F C6EA 8633 B4EA||☐|
|☐||Stefan Derkits <[email protected]>||E676 487A F993 5EE7 FB42 DDF9 959B C031 5FCD 8062||☐|
|☐||Andre Heinecke <[email protected]>
Andre Heinecke <[email protected]>
|94A5 C9A0 3C2F E5CA 3B09 5D8E 1FDF 723C F462 B6B1||☐|
|☐||Andre Heinecke (Release Signing Key)||5B80 C575 4298 F0CB 55D8 ED6A BCEF 7E29 4B09 2E28||☐|
|☐||Johannes Zarl-Zierl <[email protected]>
Johannes Zarl <[email protected]>
|D7B0 1148 9F51 2947 2F7E A1C8 DB12 106E 8B7E BB88||☐|
|☐||Jonathan Riddell <[email protected]>||2D1D 5B05 8835 7787 DE9E E225 EC94 D18F 7F05 997E||☐|
|☐||David Faure <[email protected]>||53E6 B47B 45CE A3E0 D5B7 4577 58D0 EE64 8A48 B3BB||☐|
|☐||Albert Astals Cid <[email protected]>||CA26 2C6C 83DE 4D2F B28A 332A 3A6A 4DB8 39EA A6D7||☐|
|☐||Aditya Mehra <[email protected]>||ED60 21FB FF1D 7A30 D6B0 1E1F 6376 5612 B338 ECC9||☐|
|☐||Michael Pyne <[email protected]>||5406 ECE8 3665 DA9D 201D 3572 0BAF 0C9C 7B6A E9F2||☐|
|☐||Fabian Vogt <[email protected]>
Fabian Vogt <[email protected]>
|21EC 3FD7 5D26 B39E 820B E6FB D27C 2C1A F21D 8BAD||☐|
|☐||Your Name <[email protected]>||1234 1234 1234 FINGER PRINT||☐|