also sprach Bernelle Verster <bernellev@gmail.com> [2015-07-28 14:59 +0200]:
> I'm guessing people won't be able to generate their own fully
> fledged keys on the spot, but perhaps some mock-up/greatly
> simplified version to show them the steps, combined with, say, an
> introductory lecture on cyber security? So, almost gimmicky but
> rooted in real life. In my opinion the people coming will be
> curious and a bit geeky already...
Having crypto workshops available for people would be awesome, sure,
but this this is a bit of a tangential issue here, as GPG keys
— while central to so many aspects of Debian — actually have nothing
to do with DebConf registration.
> On the cyber security, I'm not sure if the FB, twitter etc auth is
> a good way to go...
Let's not discuss their security. All we're doing here is
authentication. The issue to solve is that someone creates a record
in our registration system and later might want to change it,
therefore needing to prove to the system that they are the one who
created the record in the first place. Being able to display
ownership of a Twitter/Wordpress/G+/FB/whatever account (in addition
to local accounts for those who prefer that, and Debian SSO
integration) could well be considered secure enough for this purpose
IMHO, and it would certainly make it easier for our users.
> Just my half thought through two cents :)
*What*? You're saying your full thoughts are worth 4¢? Rort! ;)
--
.''`. martin f. krafft <madduck@debconf.org> @martinkrafft
: :' : DebConf orga team
`. `'`
`- DebConf15: Heidelberg, Germany: http://debconf15.debconf.org
DebConf16: Cape Town: https://wiki.debconf.org/wiki/DebConf16
Attachment:
digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)