On Sat, Aug 09, 2003 at 05:53:18PM +1000, Martin Michlmayr wrote: > * Andrew Suffield <asuffield@debian.org> [2003-08-07 18:02]: > > I, for one, would rather not have this presented here, but instead > > leave it to the AM to decide whether to suggest it to an applicant or > > not. I've had one or two applicants who should have waited before > > applying, until they had an opportunity to get their keys signed. > > I think only the signed GPG method should be described explicitly with > a mention that "alternative methods" are available if a signed GPG key > is not possible. In that case, they should imho contact the Front > Desk to they can check the situation and say what to do. New version attached. I also changed the wording regarding the signing coordination page. Gruesse, -- *** Frank Lichtenheld <frank@lichtenheld.de> *** *** http://www.djpig.de/ *** see also: - http://www.usta.de/ - http://fachschaft.physik.uni-karlsruhe.de/
#use wml::debian::template title="Step 2: Identification" NOHEADER="true" #include "$(ENGLISHDIR)/devel/join/nm-steps.inc" <p>The information on this page, while public, will primarily be of interest to future Debian developers.</p> <h2>Step 2: Identification</h2> <h3>Why GPG?</h3> <p>Because the <a href="newmaint#Member">Debian members</a> are located everywhere around the world (see <a href="../developers.loc">developers locations</a>) and rarely meet each other personal an alternate method of identification is necessary. All Debian developers are identified by their <a href="http://www.gnupg.org">GPG</a> key. This provides an accurate method to authenticate messages and other data by signing it. For more information on GPG keys see the README in the <code>debian-keyring</code> package.</p> <h3>Providing a key</h3> <p>Each <a href="newmaint#Applicant">applicant</a> must provide a GPG public key. The preferred way to do this is to export it to one of the <a href="http://wwwkeys.us.pgp.net/">public key servers</a>. Public keys can be exported using:</p> <pre> gpg --send-key --keyserver <server address> <yourkeyid> </pre> <p>Note: There are <a href="nm-amchecklist#gpgversion">known problems</a> with GPG <= 1.0.1 and ElGamal keys.</p> <h3>Verification</h3> <p>Because anyone can upload a public key to the servers it needs to be verified that the key is the applicants one.</p> <p>To accomplish this the public key itself must be signed by an other <a href="newmaint#Member">Debian member</a>. Therefor the applicant must meet this Debian member personal and must identify himself (by providing a passport, a drivers license or some other ID).</p> <h4><a name="key_signature">How to get your GPG key signed</a></h3> <p>Announces of key signing parties are usually posted on the <code>debian-devel</code> mailing list, so check there first.</p> <p>If you are looking for developers in any specific areas to sign your GPG public key, the <a href="http://nm.debian.org/gpg.php">key signing coordination page</a> may be of help:</p> <ul> <li>You can check the list of key signing offers for a Debian member near you.</li> <li>If you cannot find a Debian member among the key signing offers, you can register your key signing request.</li> <li>As a last resort, if you didn't received any offers for a few weeks after registering, you can send e-mail to <email gpg-coord@nm.debian.org> telling them where you live exactly (plus naming some big cities close to you), then they can check in the developer database for developers who are near you.</li> </ul> <p>Once you find someone to sign your key, you should follow the steps in the <a href="$(HOME)/events/keysigning">Keysigning Mini-HOWTO</a>.</p> <p>It is recommended that you also sign the Debian Developer's key. This is not necessary for your ID check but it strengthens the web of trust.</p> <h4>When you can't get your key signed</h4> <p>If all the steps above failed, please contact the <a href="newmaint#FrontDesk">Front Desk</a> and ask for help. They may offer you an alternate way of identification.</p> <hr noshade size=1> #include "$(ENGLISHDIR)/devel/join/nm-steps.inc"
Attachment:
pgpImVlpjjNiV.pgp
Description: PGP signature