From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1758898Ab1JFSXA (ORCPT ); Thu, 6 Oct 2011 14:23:00 -0400 Received: from inx.pm.waw.pl ([195.116.170.130]:57031 "EHLO inx.pm.waw.pl" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1758800Ab1JFSW6 (ORCPT ); Thu, 6 Oct 2011 14:22:58 -0400 From: Krzysztof Halasa To: "H. Peter Anvin" Cc: Linux Kernel Mailing List Subject: Re: kernel.org status: establishing a PGP web of trust References: <4E8655CD.90107@zytor.com> Date: Thu, 06 Oct 2011 20:22:54 +0200 In-Reply-To: <4E8655CD.90107@zytor.com> (H. Peter Anvin's message of "Fri, 30 Sep 2011 16:50:37 -0700") Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Peter, > 5. Get as many other kernel developers that you have physical access to > to sign your key after verifying the fingerprint. Verifying keys > over the phone is OK if and only if you know them *extremely* well; > think "would I be willing to testify in court that the person I > talked to was X"? Do you have, by chance, a list of developers whom I can contact to have the new key signed? Unfortunately I'm seldom outside Poland (and Warsaw spefically), so I'd prefer local people. Something (using the right key ring etc.) like gpg2 --list-keys '.pl>' should work for a start I think. Any other idea perhaps? TIA. -- Krzysztof Halasa