REMINDER: Bay Area Debian Get-Together and Key-Signing Party

Evan Prodromou
12 Jun 2001 18:47:06 -0700

This is just to remind everyone that I need their GPG keys before noon

Also, I'd appreciate it if people could forward the announcement to
other Bay Area Linux groups, if appropriate.


Wednesday, 13 Jun 2001, 7:30PM
Harrington's Bar and Grill, 245 Front Street, San Francisco, CA

Debian developers and Debian aficionados will converge on the fabulous
Harrington's in downtown San Francisco for fine times, lively
discussion, and mutual identification.

Harrington's is only a few blocks from the Caltrain station at 4th and
Townsend as well as inches away from the Montgomery Street BART
station, making it centrally located for Debianista
goodness. Harrington's has burgers, beer, and other good stuff. There
are vegetarian entrees and non-alcoholic beverages (although the
coffee is only so-so). Minors are allowed and encouraged. There are
big booths.

We'll be trying to get the semi-official business of key-signing out
of the way early (before 8:30PM), so that Cinderellas can get back to
their public transportation pumpkins and get their beauty
sleep. Therefore, please try and be on time or close to it if you're
going to be participating in the key-signing.

I'll have a sign out with the letters "B A D" on it, so you can know
who to approach if you've never met another Debianite in meatspace or
if you have poor facial-recognition software.


If you've never participated in a key-signing party before, it's pretty
fun, and it can really expand your Web of Trust. Also, signed keys are
required for New Maintainers, so NM candidates should definitely make
this party!

I'll be co-ordinating the key-signing. If you have a GnuPG key that you
want signed, please send it to my address ( before 13
Jun 12:00PM, so I can add it to the keyring to sign.

OK, so, here are the steps for a key-signing party.


0. Generate a GnuPG public key, if you don't already have one. To
   understand a little more about GnuPG, please try to skim the GnuPG
   privacy handbook, available at 


   after an "apt-get install gnupg-doc", or on the Web at:

1. Send your key to the key-signing party organizer. You can get your
   public key out of your keyring by doing a command like this:

	  gpg --export --armor "your@email.address" > yourname.asc

   Then, email yourname.asc to the organizer (
   Please, don't encrypt the mail you send to the organizer.

2. Print out a copy of your key fingerprint. This is for you to carry
   around. You can get a copy of your key fingerprint by doing this:

	   gpg --fingerprint "your@email.address" > yourname.fp

   ...and then print yourname.fp out.

3. Make sure you have valid ID, like a passport or driver's license,
   that has the same name as on your key.


0. Get a copy of the keyring printout from the organizer.

1. For as many people as you can, do identification (see
   below). (We'll probably have a semi-formal, around-the-room session
   to do mass identification, which I'll explain at the event. It
   worked pretty well last time.)

2. Meet people and have fun.


Here are the steps that happen when Alice is going to identify Bob.

Alice needs: keyring printout, pencil or pen.
Bob needs: fingerprint printout, ID.

0. Bob presents a picture ID, such as a driver's license or passport.

1. Alice marks on her keyring printout a single check next to Bob's
   name, to indicate "identified."

2. Bob reads his fingerprint printout to Alice. Alice follows along
   on her keyring printout.

3. If the fingerprint that Bob reads matches the fingerprint Alice has
   on her printout, she makes a second check, indicating "fingerprint

Of course, it's nice if they then switch roles, and Bob identifies


0. Key signers download the party keyring from the URL I'll publish.

1. For each name on their keyring printout that has two checks
   (identified, fingerprint matches), sign that key in the
   keyring. For Alice to sign Bob's key, she would do a command like

       gpg --keyring /path/to/downloaded-keyring.gpg --sign-key "Bob" --local-user "Alice"

   Remember, keep the keyring separate.

   (Also, please don't sign keys of people you did not personally
   identify. If you don't take this process seriously, you are a weak
   link in the Web of Trust. If I see that you signed the key of
   someone who wasn't at the event, I won't sign -your- key, and I'll
   suggest that others don't, either.)

2. Once all the signatures have been added, send your copy of the
   keyring back to the organizer ( This copy will now
   have all your signatures in it. Please return your signatures
   within one week (by 20 Jun 2001).

3. The organizer will combine all the signatures together, and make
   the new, merged keyring available for download. You can download
   this file and then use 

        gpg --import /path/to/second/downloaded-keyring.gpg

   To import all the keys with new signatures on them. Debian
   members are encouraged to submit their new signatures to the key

Evan Prodromou