Re: DebConf25 Key Signing Party: Definitive list, SHA256sum
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi Gunnar,
and thanks for taking care of the list, maps, etc
(and sorry for having caused additional work
by having requested inclusion of another key
(shortly) after the registration had already closed!)
On Fri, 2025-07-04 at 17:34 -0600, Gunnar Wolf wrote:
> Hello everybody!
>
> I have already notified a couple of people, but I think this _does_ deserve
> being widely announced. Anyway, sorry for abusing dc-announce!
>
> I have (re(-re(-re(-re))))generated the KSP list, base document, and
> keysigning maps, so you can get it and check it _now_! I see some keys are
> missing a name in the Web index, and I will look into fixing that, but the
> main text file _is_ final.
I assume it *remains* final, even *if* there's an error.
My request for inclusion of **a** key, not **my** key
(mail from Thu, 03 Jul 2025 02:07:14 +0200)
lead to a second entry 159b for *me*,
which should've been "mojo <mojo at fortysixandtwo eu>" instead
(which matches what's published on keyserver.ubuntu.com).
However, as the list likely won't be changed
(as I can only imagine the amounts of pain and confusion
that having a second circulating list may cause).
But since I imagine 159b will have some (repeated) explaining
to do, I thought having this quirk of the list explained in advance
would help mojo in participating in their first KSP :)
> You can get our DC25 keysigning coordination
> page at:
>
> https://people.debian.org/~gwolf/dc25_ksp/dc25_fprs.txt
>
> You should check its SHA256sum matches mine, that is:
>
> E321 CE1D A781 DF71 1698 24D8 D526 43AC A1D1 16F8 9075 1A2C EB34 3C92 C5B1 8EF9
Seeing as I'm already answering to this mail:
ACK, got the same.
> You should verify your keys are correctly listed in the document, ensuring
> EVERY PART of your key's fingerprint is correct. I _did_ receive some
> unauthenticated requests for inclusion, so you should not blindly accept
> the file's contents is trustworthy (of course... Are you sure that _I_ am
> trustworthy? If everybody verifies their fingerprints, we can all ensure
> this file has trustable information).
>
> Were you unable to send us the details in time? Don't worry. Bring along
> some paper slips including the output of "gpg --fingerprint $your_key_id"
> (or "sq cert list $your_key_id" — I invite you to consider Sequoia as a
> great next-generation OpenPGP client, much friendlier than GnuPG!).
You can also use gpg-key2latex(1) from the signing-party package,
which will fill a e.g. A4 paper (when invoked with -p A4).
>
> And if I'm talking Javanese to you... Maybe you will want to attend our
> session, "Continuous Key-Signing Party introduction", on Monday 2025.07.14
> 10:30, Méridienne room, where we will better explain the gory details.
>
> See you _very_ soon! 😃
>
> – Gunnar Wolf, from keyring-maint.
Any day now! :)
Evangelos
-----BEGIN PGP SIGNATURE-----
iQJNBAEBCgA3FiEEuThlVLfdJmvLjimpkPDJsYprShkFAmho0GYZHGRldnJ0ekBm
b3J0eXNpeGFuZHR3by5ldQAKCRCQ8MmximtKGUG5EACizxbAKOJMVLuLq/Q/E7O/
468IW5p6phFpyW2cX/rgXxALjuL+UhuIYKQuOU3dFTEMzjchiF/f+e1Z5R9a8Iv8
OHSQsIaM7OwJRZmZwiaeY5poyWNaeKlYpOwYc42DG6rMavaLlX57IwPOhcaw7X24
1sTiB9Dc+GGEd0BhQof2NfMIsPHiuutqyFy4PJgDKNJp3qwRbdSrSghYyjo4uLhQ
NrftXv9DKmTAPbZzN1frCmzzLcaZS1+R6+mx+8ARZLqhCyI/3JtPAYnRg46zGuOc
55YXNQ6mV2QUFFzCwsjpfaltO7sUwNMn61rZOq7TscZNMBePHgIfbjwmFFJQta5D
sbqDa6pfuiGTRKNkY6WfdkFOgZYKhSwig4gsN4n2/hZb335MacM+A/IXtnJAH0Ei
ThHrV1jRR9rquOB0+DTF4LjgJiz9Zk1uHfFhAZjD8yLGJLLWc+NjXrjX8vrma4pA
ArySTM/YACwepipW0ZNr8TI+Z3J9Szx1wObydtHGyj/vm6kh2VD2vnrcqb5kfjJN
ysGhtYoUPfOd0WdtWN8TFaHzltD4RZZbwr7JMbtVvwhKTi9vOkWTzTtl4Ls2PVvz
qZQT39AQ9RFxr74Uo47IBuAAM74Nz5FG6En9hQYr1WRzeMFmgmWjrCTkmpg242U5
aVU4n7JQYvrSU7QDku3BXg==
=uVqY
-----END PGP SIGNATURE-----
Reply to: