On Thu, Aug 14, 2003 at 07:19:17PM +0200, Frank Lichtenheld wrote: > On Sun, Aug 10, 2003 at 11:55:34PM +0200, Frank Lichtenheld wrote: > > New version attached. > > I also changed the wording regarding the signing coordination page. > > No more comments for some days now. Can I go ahead and commit the new > version? Missed your earlier mail completely. I like it better this way, anyway. Nobody else seems to care enough to comment. However, I can see a number of typographical and flow errors (it reads like something written by a German). It's also inaccurate in a few respects. I'm about to go to bed, but here's a rapidly revised version. I haven't bothered to justify all the changes; let me know if any aren't obvious. -- .''`. ** Debian GNU/Linux ** | Andrew Suffield : :' : http://www.debian.org/ | `. `' | `- -><- |
#use wml::debian::template title="Step 2: Identification" NOHEADER="true"
#include "$(ENGLISHDIR)/devel/join/nm-steps.inc"
<p>The information on this page, while public, will primarily
be of interest to future Debian developers.</p>
<h2>Step 2: Identification</h2>
<h3>Why GPG?</h3>
<p>Because the <a href="newmaint#Member">Debian members</a> are
located in many places around the world (see
<a href="../developers.loc">developer locations</a>) and rarely
meet each other in person, an alternate method of identification
is necessary. All Debian developers are identified by their
<a href="http://www.gnupg.org";>GPG</a> key. This provides a reliable
mechanism for authenticating messages (and other data) by adding a cryptographic signature. For
more information on GPG keys see the README in the
<code>debian-keyring</code> package.</p>
<h3>Providing a key</h3>
<p>Each <a href="newmaint#Applicant">applicant</a> must provide a
GPG public key. It is recommended that applicants export their key to one of
the <a href="http://wwwkeys.us.pgp.net/";>public key servers</a>.
Public keys can be exported using:</p>
<pre>
gpg --send-key --keyserver <server address> <yourkeyid>
</pre>
<p>Note: There are <a href="nm-amchecklist#gpgversion">known problems</a>
with GPG <= 1.0.1 and ElGamal keys.</p>
<h3>Verification</h3>
<p>Because anyone can upload a public key to the servers, it must
be verified that the key belongs to the applicants.</p>
<p>To accomplish this, the public key must be signed by another
<a href="newmaint#Member">Debian member</a>. Therefore, the
applicant must meet this Debian member in person and identify themselves
(by providing a passport, a drivers license or some other form of
government-issued photo ID).</p>
<h4><a name="key_signature">How to get your GPG key signed</a></h3>
<p>Announcements of key signing parties are usually posted on the
<code>debian-devel</code> mailing list, so check there first.</p>
<p>If you are looking for developers in a specific area to sign your
GPG public key, the <a href="http://nm.debian.org/gpg.php";>key signing
coordination page</a> may be of help:</p>
<ul>
<li>You can check the list of key signing offers for a Debian
member near you.</li>
<li>If you cannot find a Debian member among the key signing offers,
you can register your key signing request.</li>
<li>As a last resort, if you didn't received any offers for a
few weeks after registering, you can send e-mail to
<email gpg-coord@nm.debian.org> telling them where you live
exactly (plus naming some big cities close to you). They
can then check the database for developers who are
near you.</li>
</ul>
<p>Once you find someone to sign your key, you should follow the steps
in the <a href="$(HOME)/events/keysigning">Keysigning Mini-HOWTO</a>.</p>
<p>It is recommended that you also sign the Debian Developer's
key. This is not necessary for your ID check but it strengthens the
web of trust.</p>
<h4>When you can't get your key signed</h4>
<p>If all the above steps failed, please contact the
<a href="newmaint#FrontDesk">Front Desk</a> and ask for help. They may
offer you an alternate method of identification.</p>
<hr noshade size=1>
#include "$(ENGLISHDIR)/devel/join/nm-steps.inc"
Attachment:
pgpUkbEPOEMz7.pgp
Description: PGP signature