Re: status: establishing a PGP web of trust

From: Adrian Bunk
Date: Mon Oct 03 2011 - 13:50:22 EST

On Fri, Sep 30, 2011 at 04:50:37PM -0700, H. Peter Anvin wrote:
> Hash: SHA1
> Hi all,
> Since the status announcement last week a number of you
> have contacted me about re-establishing credentials. In order to
> establish a proper PGP web of trust we need keys that are cross-signed
> by other developers. As such, we ask that you follow the following
> steps:
> 5. Get as many other kernel developers that you have physical access to
> to sign your key after verifying the fingerprint. Verifying keys
> over the phone is OK if and only if you know them *extremely* well;
> think "would I be willing to testify in court that the person I
> talked to was X"?
> If you work in an office with multiple other Linux developers, it
> would be a very good thing to organize a local key signing. We will
> do a key signing at Kernel Summit for the core kernel developers.
> A web site with recommendations for running a key signing:
> $ gpg --fingerprint <key ID>
> $ gpg --keyserver --recv-key <their key ID>
> $ gpg -u <your key ID> --sign-key <their key ID>
> $ gpg --keyserver --send-key <their key ID>
> $ gpg --keyserver --recv-key <your key ID>
> 6. Please send me the key identifier and fingerprint to
> <keys@xxxxxxxxx>. This is a temporary address until the
> MX is ready to put back online; eventually we will probably have a
> web form interface for this.

What are the exact technical requirements for key acceptance?

"as many other kernel developers" is quite vague, starting with the fact
that there is not a clear definition of "kernel developer"...

> -hpa



"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at