[OSDC Israel] PGP Keysigning BOF
Amit Aronovitch
aronovitch at gmail.com
Fri Feb 17 01:22:29 PST 2006
'nothingmuch at woobling.org' wrote:
>On Tue, Jan 31, 2006 at 11:34:02 +0200, Levenglick Dov-RM07994 wrote:
>
>
>>I'll byte. What is this key, how do I get it and why would I want it?
>>
>>
>
>Heh, that was quick ;-)
>
>OpenPGP is a standard for public key signing/encrypting.
>
>This is probably the best place to learn about it:
>
> http://www.gnupg.org/gph/en/manual.html#CONCEPTS
>
>The way you get it is - install gpg, and then generate your own key.
>This is discussed in the first chapter of the manual i linked.
>
>You would want it not only if you're suffering from paranoia or if
>you intend on being a terrorist ;-)
>
>In my opinion This is important because in this day and age of NSA
>wire tapping without warrants, identity theft, and so forth,
>people should be made aware of technologies that allow them to
>protect their privacy, even if they don't need to actively protect
>their privacy (yet).
>
>This is mostly an awareness/principal issue, but the communal aspect
>is also important - a good trust network means that others who *do*
>need the privacy features will benefit from your participation in
>the key signing festivities.
>
>
>
You forgot to mention one aspect which is specificly useful for Open
Source Developers:
If you have your key signed, you can post/upload signed files and
patches, that people can be sure are from YOU.
If you participate in a public, decentralized project, this is a crucial
element - otherwise your codebase would be
wide open for crackers and assorted troublemakers to insert their
malicious stuff.
Many projects have already incorporated gpg signing/verifying into
their infratructure (e.g. Debian ...)
Regards
More information about the OSDC-discuss
mailing list