[patch]: NM page update request (GPG)
On Sun, Oct 27, 2002 at 09:18:20AM +0100, Joerg Jaspert wrote:
> Oohara Yuuma <oohara@libra.interq.or.jp> writes:
> > I don't think you can pass the NM queue without a signed GPG key
> > nowadays.
> Why?
> A signed key is preferred and required for most of the NMs. But there
> are people living in areas where you cant get a signed key.
Then why not say so there. See my patch which also addresses gpg usage
issue. Someone, please proof read my english :-)
I do not think search.keyserver.net is usable anymore.
Oh ... looking at time... daylight saving time is over :-)
Good night.
--
~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~ +++++
Osamu Aoki <osamu@debian.org> Cupertino CA USA, GPG-key: A8061F32
.''`. Debian Reference: post-installation user's guide for non-developers
: :' : http://qref.sf.net and http://people.debian.org/~osamu
`. `' "Our Priorities are Our Users and Free Software" --- Social Contract
--- nm-step1.wml 2002-10-27 01:46:39.000000000 -0700
+++ nm-step1.wml.new 2002-10-27 01:00:06.000000000 -0800
@@ -29,10 +29,12 @@
fill out a web form and thereby verify the applicant's application (More
information about the Advocate system can be found in the
<A HREF="./nm-advocate">guidelines for advocates</A>).
-<LI>a way to <A HREF = "./nm-step2">identify</A> himself (preferably by
-having a GPG key signed by an existing Debian Developer or, alternatively,
-by sending in a photo of his drivers license or passport signed digitally
-with his GPG key).
+<LI>a way to <A HREF = "./nm-step2">identify</A> himself by
+having a GPG key signed by an existing Debian Developer.
+Only for the people living in areas where one can not get his GPG key
+signed by an existing Debian Developer, sending in a photo of his
+drivers license or passport signed digitally with his GPG key may be
+accepted as the alternative method to identify himself.
<LI>enough experience in order to become an official Debian Developer
(the preferred way is to have a package
<A HREF ="./newmaint#Sponsor">sponsored</A> by a Debian developer; of course,
--- nm-step2.wml 2002-09-23 10:02:24.000000000 -0700
+++ nm-step2.wml.new 2002-10-27 01:17:19.000000000 -0800
@@ -49,7 +49,8 @@
<A HREF="http://wwwkeys.us.pgp.net/">public key servers</A>. You can
export your public key using:</P>
<pre>
-gpg --send-key --keyserver germany.keyserver.net yourkeyid
+$ for xx in us es cz de dk uk ch; \
+$ gpg --send-key --keyserver wwwkeys.$xx.pgp.net yourkeyid
</pre>
@@ -60,6 +61,11 @@
ElGamal keys themselves do <em>not</em> need to be regenerated.
Only the signatures created by ElGamal keys.</P>
+<P>Note: It is a good idea <em>not to create more than 2 sub-keys</em>.
+If you do, keyservers on pgp.net is known to <em>corrupt</em> your key.
+Neither search.keyserver.net nor pgp.ai.mit.edu are usable recently.
+</P>
+
<P>
You should upgrade GPG to version >= 1.0.4, since the older
version has serious bugs which could lead to false signature
Reply to: