[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

nm-step2, another try

Hi.

After my last proposal for a new version of the devel/join/nm-step2 page
lead to a discussion about English grammar[0] I prepared another version now.
You find it attached.

Comments welcome, espeacially content related ones. I can not
participate on any discussion about the exact tempus of a sentence so
just send me a patch if you find it should be corrected ;)

[0] http://lists.debian.org/debian-www/2003/debian-www-200308/msg00065.html

Gruesse,
-- 
Frank Lichtenheld <frank@lichtenheld.de>
www: http://www.djpig.de/

#use wml::debian::template title="Step 2: Identification" NOHEADER="true"
#include "$(ENGLISHDIR)/devel/join/nm-steps.inc"

<p>The information on this page, while public, will primarily
be of interest to future Debian developers.</p>


<h2>Step 2: Identification</h2>


<h3>Why GPG?</h3>

<p>Because the <a href="newmaint#Member">Debian members</a> are
located everywhere around the world (see 
<a href="../developers.loc">developers locations</a>) and rarely 
meet each other personal an alternate method of identification 
is necessary. All Debian developers are identified by their 
<a href="http://www.gnupg.org";>GPG</a> key. This provides an accurate
method to authenticate messages and other data by signing it. For
more information on GPG keys see the README in the 
<code>debian-keyring</code> package.</p>


<h3>Providing a key</h3>

<p>Each <a href="newmaint#Applicant">applicant</a> must provide a
GPG public key. The preferred way to do this is to export it to one of
the <a href="http://wwwkeys.us.pgp.net/";>public key servers</a>.  
Public keys can be exported using:</p>
<pre>
gpg --send-key --keyserver &lt;server address&gt; &lt;yourkeyid&gt;
</pre>

<p>Note: There are <a href="nm-amchecklist#gpgversion">known problems</a> 
with GPG &lt;= 1.0.1 and ElGamal keys.</p>


<h3>Verification</h3>

<p>Because anyone can upload a public key to the servers it needs
to be verified that the key is the applicants one.</p>

<p>To accomplish this the public key itself must be signed by an 
other <a href="newmaint#Member">Debian member</a>. Therefor the
applicant must meet this Debian member in person and must 
identify himself (by providing a passport, a drivers license 
or some other ID).</p>


<h4><a name="key_signature">How to get your GPG key signed</a></h3>

<p>There are several ways to find a Debian member for a key
exchange. You should try them in the order listed below:</p>

<ol>

<li>Announcements of key signing parties are usually posted on the
<code>debian-devel</code> mailing list, so check there first.</li>

<li><p>You can look for developers in specific areas through the <a
href="http://nm.debian.org/gpg.php";>key signing coordination page</a>:</p>

<ul>
      <li>First you should check the list of key signing offers for a Debian
	member near you.</li>
      <li>If you cannot find a Debian member among the key signing offers,
	you can register your key signing request.</li>
</ul>
</li>

<li>If noone has reacted to your request for several weeks, send an
e-mail to <email gpg-coord@nm.debian.org> telling them 
where you live exactly (plus naming some big cities close to you),
then they can check in the developer database for developers who are
near you.</li>

</ol>

<p>Once you find someone to sign your key, you should follow the steps
in the <a href="$(HOME)/events/keysigning">Keysigning Mini-HOWTO</a>.</p>

<p>It is recommended that you also sign the Debian Developer's
key. This is not necessary for your ID check but it strengthens the
web of trust.</p>


<h4>When you can't get your key signed</h4>

<p>If all the steps above failed, please contact the 
<a href="newmaint#FrontDesk">Front Desk</a> and ask for help. They may
offer you an alternate way of identification.</p>

<hr noshade size=1>
#include "$(ENGLISHDIR)/devel/join/nm-steps.inc"
Reply to: