[Ksummit-2012-discuss] The agenda for the Kernel Summit sessions on Wednesday

Theodore Ts'o tytso at mit.edu
Wed Aug 29 14:10:20 UTC 2012 

The Kernel Summit track on Wednesday can be found here:

	http://summit.linuxplumbersconf.org/lpc-2012/track/ksummit2012/

Please note that there are also Plumber's Conference tracks with many
kernel-related discussions today.  That agenda can be found here:

	http://summit.linuxplumbersconf.org/lpc-2012/2012-08-29/

In particular, there will be an LPC Opening Plenary at 9:15am, where
Konstantin will be reading the SHA256 hash for the kernel.org GPG
keyring, confirming the announcement which he sent before (see below).

Also there will be a Kernel Panel at LinuxCon at 4:40pm (after other
LinuxCon keynotes starting at 4pm).  See the LinuxCon schedule here;
there may also be other talks that may interest you:

	http://events.linuxfoundation.org/events/linuxcon/schedule

Cheers!

                                                - Ted

-----  

From: Konstantin Ryabitsev <mricon at kernel.org>

Hello, all:

I collected 46 keys from 40 people interested in keysigning at the
Kernel Summit. I have uploaded the fingerprints and the pubring to the
following locations:

https://www.kernel.org/ks2012-fingerprints.txt
https://www.kernel.org/ks2012-pubring.gpg

This is the sha256sum of the pubring:
bbb816d955c3939c72985175b0ea4f8781662f70d8a0fa9b0985391403a0fe79

You can import the pubring using "gpg --import" command.

WARNING: just in case someone jumps the gun -- these fingerprints were
taken at "face value". I DID NO VERIFICATION WHATSOEVER whether these
keys belong to the actual people. DO NOT sign any of these keys
without the verification procedure at the Kernel Summit. My GPG
signature on this email is in no way an endorsement of these keys.

Here's how the procedure will play out:

1. Before lunch on Wednesday, I will take 5 minutes of your time to
introduce myself and to recite the sha256sum of the pubring available
for download from the link above. People with laptops capable of
downloading the pubring and running "sha256sum" (should be about 95%
of the audience, I think) can validate whether the hash verifies.
2. I will also make available printed worksheets with people's names
and key fingerprints (or print your own -- see attached).
3. If you are willing to sign people's keys, please obtain from me a
copy of the worksheet, a short pencil, and a stylish sticker [*]:
   a. Affix the stylish sicker to your KS badge to indicate that
you're willing to sign keys.
   b. Fold the worksheet and keep it in your KS badge. [**]
   c. Keep the brass lantern^W^W short pencil in your badge, too.
4. During lunch and later during the day, if someone approaches you
and asks to sign their key:
   a. Keep calm.
   b. Locate their name on the worksheet.
   c. Ask to see some government-issued ID to verify their identity.
   d. Alternatively, ask personal/kernel-related questions which only
that person would be able to answer (see Harry Potter books 6 and 7).
5. If you are comfortable in asserting that the person asking your
signature is who they say they are, put an "X" next to their name on
the worksheet using the pencil provided (or an alternative writing
utensil should there be a dearth of pencils).
6. When you get back to your laptop, run "gpg --sign-key [keyid]" for
all the people marked "X" on your worksheet. The key id is the last 8
chars of the fingerprint smushed together. [***] If a person has
multiple fingerprints, sign all their keys.
7. Lastly, do "gpg --send-keys [keyid]" to upload the newly signed key
to the keyservers.

.. [*] what will be on the stickers remains to be established.
.. [**] assuming it's not a fully laminated badge without openings.
.. [***] This assumes you ran "gpg --import ks2012-pubring.gpg" prior.

[ NOTE: Even if you didn't send your GPG keys to Konstantin, if you are
  interested in signing kernel.org keys so that you know signed GPG tags
  from your favorite kernel developers really came from then, you can
  sign other people's keys without having your key on ks2012-pubring.gpg
  keyring.  They won't be to sign your key as easily, but you can also
  print out your GPG key fingerprint and key-id/e-mail address on strips
  of paper and hand them to people when you ask them to sign your
  key. -- Ted ]

More information about the Ksummit-2012-discuss mailing list