On 11/02/2014 07:23 AM, Mark Atwood wrote:
I will also try to get more keybase.io invites, for those who want them.
  keybase.io is a web service that provides an independently provable
binding between your social media and github identities, and your gpg
key.
I have been granted *many* invites from keybase.io for OpenStack
developers.

I have already sent an invite to everyone who already participated in
the keysigning party in Hong Kong and in Atlanta.

If anyone else wants an invite, do please approach me at the Summit in
Paris, or email me.

..m

--
Mark Atwood <mark.atw...@hp.com>
Mark Atwood <m...@mark.atwood.name>

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Current problem: CLI requires a conflicting dependency with Fedora packages Node.js libraries. I'll see if I can remove the conflicting files.

I like the idea of Keybase, but remember, it is really easy to do PKI wrong. The cardinal rule of PKI is that the Private Key should never leave your machine; ideally it would never leave a hardware security module. It should certainly not be send to some remote machine for management unless...well, unless you have the whole archival and storage story straight.

So, do Keybase, but don't let it manage your private key. They don't really want to, anyway.

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to