Re: DebConf22: Call for keys for keysigning in Prizren, Kosovo

[Gunnar Wolf]

Altin Guberi dijo [Tue, Jun 14, 2022 at 08:40:35PM +0200]:
> Hello,
> 
> Thanks for your response.
> 
> Is the PGP key mandatory like to be completed before the conference ?
> Or it is also possible to do it while I am at the activity?

If you want to get connected to the Debian "crowd" of the OpenPGP
keyring, you should not only get your key created beforehand, but
practice with it and get to understand the tooling. To better
understand how we work, you might be interested in reading the
following articles; sorry for the self-promotion, but those are the
works I am most likely to be able to discuss about ;-)

- Strengthening a Curated Web of Trust in a Geographically
  Distributed Project (Wolf and Gallegos, 2016)
  Cryptologia, 41 (5). pp. 459-475
  http://ru.iiec.unam.mx/3486/

- Insights on the large-scale deployment of a curated Web-of-Trust:
  the Debian project’s cryptographic keyring (Wolf and Quiroga, 2018)
  Journal of Internet Services and Applications, 9 (11). pp. 1-12
  http://ru.iiec.unam.mx/4106/

- An Analysis of 5 Million OpenPGP Keys (Schacht and Kieseberg, 2020)
  Journal of Wireless Mobile Networks, Ubiquitous Computing, and
  Dependable Applications, 11 (3). pp. 107-140
  http://isyou.info/jowua/papers/jowua-v11n3-6.pdf

There are more, of course... but those were sitting at the top of my
head.

Re: DebConf22: Call for keys for keysigning in Prizren, Kosovo

[Altin Guberi]

Ok, thanks for the clarification.

On Tue, Jun 14, 2022, 10:43 PM Dashamir Hoxha  wrote:

> On Tue, Jun 14, 2022 at 8:41 PM Altin Guberi 
> wrote:
>
>> Hello,
>>
>> Thanks for your response.
>>
>> Is the PGP key mandatory like to be completed before the conference ?
>> Or it is also possible to do it while I am at the activity?
>>
>
> It is completely optional.
> You don't have to bother with it, unless you want to start contributing to
> Debian by maintaining one or more packages. In this case you need to sign
> your packages with your PGP key, for security reasons, and your key needs
> to be recognized by the other Debian developers, in order to make sure that
> it is you who built the package and not someone else.
>
> For participating in the conference you don't need a PGP key.
>

Re: DebConf22: Call for keys for keysigning in Prizren, Kosovo

[Dashamir Hoxha]

On Tue, Jun 14, 2022 at 8:41 PM Altin Guberi  wrote:

> Hello,
>
> Thanks for your response.
>
> Is the PGP key mandatory like to be completed before the conference ?
> Or it is also possible to do it while I am at the activity?
>

It is completely optional.
You don't have to bother with it, unless you want to start contributing to
Debian by maintaining one or more packages. In this case you need to sign
your packages with your PGP key, for security reasons, and your key needs
to be recognized by the other Debian developers, in order to make sure that
it is you who built the package and not someone else.

For participating in the conference you don't need a PGP key.

Re: [DebConf22] About Data SIM Card

[John Goerzen]

On Tue, Jun 14 2022, Julian Andres Klode wrote:

> Do they sell eSIM? I do not have a free physical slot.
>
> I'll probably go ahead and book global eSIM though, because I just
> can't be bothered doing the airport stuff. Maybe just 1GB/7d for $9
> and then buy a local card for the rest if eSIM is available.

I recently used Airalo for a trip from the US to Germany and found it
quite helpful:

https://www.airalo.com/kosovo-esim

You do not actually need their app; you can just add it as a regular
eSim.  They want USD $9 for 1GB in Kosovo / 7 days.  Note that it
doesn't give you the ability to make/receive calls or SMS, it's
data-only, but probably enough to run Signal, etc. atop it.

- John

Re: DebConf22: Call for keys for keysigning in Prizren, Kosovo

[Altin Guberi]

Hello,

Thanks for your response.

Is the PGP key mandatory like to be completed before the conference ?
Or it is also possible to do it while I am at the activity?


[image: top image]
Altin Guberi
altingub...@gmail.com
mobile: +355 67 54 56 674
[image: facebook icon]  [image: linkedin
icon]  [image:
instagram icon] 
[image: bottom image]


The content of this email is confidential and intended for the recipient
specified in message only. It is strictly forbidden to share any part of
this message with any third party, without a written consent of the sender.
If you received this message by mistake, please reply to this message and
follow with its deletion, so that we can ensure such a mistake does not
occur in the future.


On Tue, Jun 14, 2022 at 3:08 PM Dashamir Hoxha  wrote:

> On Tue, Jun 14, 2022 at 2:57 PM Altin Guberi 
> wrote:
>
>> Hello,
>>
>> Thanks for your email.
>>
>> Unfortunately I am quite new to this.
>>
>> Can you let me know how to find or create PGP key fingerprint on Windows
>> ?
>>
>
> Altin, you should start by installing Linux, preferably Debian, on your
> computer.
> I would recommend you LMDE (Linux Mint Debian Edition):
> https://linuxmint.com/download_lmde.php
> It is possible to install it in parallel with Windows, without damaging
> your existing system.
> I will be present during the conference, I can help you with this, if
> needed. I am sure that you can find other people that can help you as well.
>
> After installing Linux, you can generate a GnuPG key, and then continue
> with the rest of the steps.
>
> Regards,
> Dashamir
>

Re: DebConf22: Call for keys for keysigning in Prizren, Kosovo

[Gunnar Wolf]

Dashamir Hoxha dijo [Tue, Jun 14, 2022 at 05:58:01PM +0200]:
> I am looking forward to discussing these issues with you.
> I have some experience with WKD (Web Key Directory) which is a
> distributed alternative for keyservers, and is even regarded as a
> replacement for them.
> But I am not sure how suitable or easy is WKD for being used with
> keysigning.
> Is Debian already using WKD?

Debian does use WKD. It is a good alternative in many ways, but lacks
in many others -- it will use if your mail provider *cares* about
OpenPGP enough to run a service, and it allows for user-generated
content to be served via a well-known address
(i.e. 
https://openpgpkey.example.org/.well-known/openpgpkey/example.org/hu/hfh6c7pfzr3uop5ne7qrdwj4uo6hr49p
for someu...@example.org). It would not work for your key, as you'd
first have to convince GMail to enable said service.

Besides, I might be wrong on this... but I understand WKD serves the
keys stripped of any certification material.

Re: [DebConf22] About Data SIM Card

[Julian Andres Klode]

On Mon, Jun 13, 2022 at 07:43:23PM +0200, Arianit Dobroshi wrote:
> Hi Roger,
> 
> "*Common EU SIM card (like "Three" from UK) cannot be used in Kosovo by
> roaming.*"
> 
> This is not correct. We use the same SIM cards and there are roaming
> agreements with plenty of European carriers. It looks kinda expensive for
> UK carriers to roam in Kosovo though.
> 
> For a few euros you can buy a local card with VALA or IPKO at the airport,
> downtown of any town and probably at ITP campus as well.

Do they sell eSIM? I do not have a free physical slot.

I'll probably go ahead and book global eSIM though, because I just
can't be bothered doing the airport stuff. Maybe just 1GB/7d for $9
and then buy a local card for the rest if eSIM is available.
-- 
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer  i speak de, en

Re: DebConf22: Call for keys for keysigning in Prizren, Kosovo

[Andreas Metzler]

On 2022-06-14 Dashamir Hoxha  wrote:
[...]
> Is Debian already using WKD?


Yes, for quite some time.

https://wiki.debian.org/DebianKeyring#Via_WKD
https://dkg.fifthhorseman.net/blog/wkd-for-debian.org.html

cu Andreas

Re: [DebConf22] About Data SIM Card

[Roger Shimizu]

Dear Arianit,

Thanks for your information!

> "Common EU SIM card (like "Three" from UK) cannot be used in Kosovo by 
> roaming."
\> This is not correct. We use the same SIM cards and there are
roaming agreements with plenty of European carriers. It looks kinda
expensive for UK carriers to roam in Kosovo though.

If common EU sim can roam to Kosovo, it make easier to us to purchase
the prepaid SIM in our home country in advance.
Usually 10G prepaid cost EUR 15-20, which is a bit expensive than your
local one, but it's more convenient, especially if the flight is
scheduled to arrive very late.

> For a few euros you can buy a local card with VALA or IPKO at the airport, 
> downtown of any town and probably at ITP campus as well.

Yes, local SIM seems to be much cheaper.
Hope I can get one when I arrive.

Cheers,
Roger

On Tue, Jun 14, 2022 at 2:43 AM Arianit Dobroshi  wrote:
>
> Hi Roger,
>
> "Common EU SIM card (like "Three" from UK) cannot be used in Kosovo by 
> roaming."
>
> This is not correct. We use the same SIM cards and there are roaming 
> agreements with plenty of European carriers. It looks kinda expensive for UK 
> carriers to roam in Kosovo though.
>
> For a few euros you can buy a local card with VALA or IPKO at the airport, 
> downtown of any town and probably at ITP campus as well.
>
> Arianit
>
>
>
>
>
> On Mon, Jun 13, 2022 at 6:22 PM Roger Shimizu  wrote:
>>
>> Dear Debconf list,
>>
>> To prepare for the upcoming trip, I want to know the status for data
>> SIM for Kosovo.
>> The following is what I got to know from a few sites. Hope local
>> people can double check.
>> Thank you!
>>
>> Common EU SIM card (like "Three" from UK) cannot be used in Kosovo by 
>> roaming.
>> So we need to purchase a local SIM card, to get connected out of DebConf 
>> venue.
>>
>> Local Carrier: Vala or IPKO
>> UMTS (3G): Band 8: 900MHz (for both carriers), and maybe also Band 1:
>> 2.1GHz for IPKO
>> LTE (4G FDD): Band 3: 1.8GHz
>> Place to buy prepaid SIM: airport shop or .. (better to have more
>> detail info from local team)
>> Plans: [site to refer] https://prepaid-data-sim-card.fandom.com/wiki/Kosovo
>>
>> Cheers,
>> --
>> Roger Shimizu, GMT +9 Tokyo
>> PGP/GPG: 4096R/6C6ACD6417B3ACB1

Re: DebConf22: Call for keys for keysigning in Prizren, Kosovo

[Dashamir Hoxha]

On Tue, Jun 14, 2022 at 5:20 PM Gunnar Wolf  wrote:

>
> But keysigning has been done since before keyservers were a thing;
> keyservers make many things easier, although are not fundamental for
> the WoT to work.
>
> Anyway... I guess you can see I have many things to say about this ;-)
> See you in Kosovo, and we will be able to discuss in person. And of
> course, see you in:
>
>
> https://debconf22.debconf.org/talks/31-openpgp-web-of-trust-a-way-forward/


I am looking forward to discussing these issues with you.
I have some experience with WKD (Web Key Directory) which is a
distributed alternative for keyservers, and is even regarded as a
replacement for them.
But I am not sure how suitable or easy is WKD for being used with
keysigning.
Is Debian already using WKD?

See you there,
Dashamir

Re: DebConf22: Call for keys for keysigning in Prizren, Kosovo

[Gunnar Wolf]

Dashamir Hoxha dijo [Tue, Jun 14, 2022 at 03:20:07PM +0200]:
> On Tue, Jun 14, 2022 at 12:28 AM Gunnar Wolf  wrote:
> 
> >
> > Most of you are aware that the keyserver network is currently in a
> > quite weak status; please ensure we can find your updated keys at
> > several different keyservers (at least, by uploading them); I suggest
> > you try something like the following:
> >
> >(...)
> 
> Is it possible to avoid the keyserver network somehow? Because as you
> mentioned, it is failing, and also it is not recommended to use it anymore
> (as far as I know).

It is failing due to a couple of weaknesses in the interaction model
between servers, but some people (me included) are working to save it
from dying. Still, I cannot by far promise you it will continue
working, and for how long.

Key distribution servers are a fundamental part for the Web of Trust,
the basic model for trusting on somebody's identity via their key's
certifications.

> For example, instead of uploading the fingerprint, we can upload the public
> key itself somewhere, in a public place, or send it by attachment to a
> coordinator.

That would be suboptimal, as the key has to be available to every
participant who has to sign your key. I will most likely, though, put
the keys on a keyring somewhere in https://people.debian.org/~gwolf,
but that solves only a part of the problem: You will be able to get
some identifcations, but making the world know you have certified
somebody's keys gets much trickier.

> Maybe I am missing something. Maybe a keysigning party makes no sense
> without a keyserver infrastructure. I am not sure.

It does make sense, but it is a bit harder. Nowadays, we _still_ have
keyservers, and they _still_ network together. Some of us will do our
best to keep the infrastructure alive. DebConf22 will have keyserver
infrastructure available, trust me :-]

But keysigning has been done since before keyservers were a thing;
keyservers make many things easier, although are not fundamental for
the WoT to work.

Anyway... I guess you can see I have many things to say about this ;-)
See you in Kosovo, and we will be able to discuss in person. And of
course, see you in:

https://debconf22.debconf.org/talks/31-openpgp-web-of-trust-a-way-forward/

Re: DebConf22: Call for keys for keysigning in Prizren, Kosovo

[Dashamir Hoxha]

On Tue, Jun 14, 2022 at 12:28 AM Gunnar Wolf  wrote:

>
> Most of you are aware that the keyserver network is currently in a
> quite weak status; please ensure we can find your updated keys at
> several different keyservers (at least, by uploading them); I suggest
> you try something like the following:
>
> $ export MY_KEY=0x2404C9546E145360 # Naturally, your key goes here
> $ for i in pgpkeys.eu pgp.surf.nl pgp.pm keyserver.ubuntu.com
> the.earth.li
> > do
> > gpg --keyserver $i --send-key $MY_KEY
> > done
>

Is it possible to avoid the keyserver network somehow? Because as you
mentioned, it is failing, and also it is not recommended to use it anymore
(as far as I know).

For example, instead of uploading the fingerprint, we can upload the public
key itself somewhere, in a public place, or send it by attachment to a
coordinator.

Maybe I am missing something. Maybe a keysigning party makes no sense
without a keyserver infrastructure. I am not sure.

Regards,
Dashamir

Re: DebConf22: Call for keys for keysigning in Prizren, Kosovo

[Dashamir Hoxha]

On Tue, Jun 14, 2022 at 2:57 PM Altin Guberi  wrote:

> Hello,
>
> Thanks for your email.
>
> Unfortunately I am quite new to this.
>
> Can you let me know how to find or create PGP key fingerprint on Windows ?
>

Altin, you should start by installing Linux, preferably Debian, on your
computer.
I would recommend you LMDE (Linux Mint Debian Edition):
https://linuxmint.com/download_lmde.php
It is possible to install it in parallel with Windows, without damaging
your existing system.
I will be present during the conference, I can help you with this, if
needed. I am sure that you can find other people that can help you as well.

After installing Linux, you can generate a GnuPG key, and then continue
with the rest of the steps.

Regards,
Dashamir

Re: DebConf22: Call for keys for keysigning in Prizren, Kosovo

[Altin Guberi]

Hello,

Thanks for your email.

Unfortunately I am quite new to this.

Can you let me know how to find or create PGP key fingerprint on Windows ?


[image: top image]
Altin Guberi
altingub...@gmail.com
mobile: +355 67 54 56 674
[image: facebook icon]  [image: linkedin
icon]  [image:
instagram icon] 
[image: bottom image]


The content of this email is confidential and intended for the recipient
specified in message only. It is strictly forbidden to share any part of
this message with any third party, without a written consent of the sender.
If you received this message by mistake, please reply to this message and
follow with its deletion, so that we can ensure such a mistake does not
occur in the future.


On Tue, Jun 14, 2022 at 12:28 AM Gunnar Wolf  wrote:

> As part of the 22th Debian Conference in Prizren, Kosovo, we will hold
> a continuous OpenPGP keysigning. If you intend to participate, please
> make sure you have included your key's fingerprint in Wafer (field «My
> PGP key fingerprints for keysigning» in step 5 of the registration,
> «Personal Information» [1]). Your fingerprint should have a format
> similar to the following:
>
> 4D14 0506 53A4 02D7 3687  049D 2404 C954 6E14 5360
>
> (yes, that's _my_ fingerprint).
>
> [1] https://debconf22.debconf.org/register/step-4 – Yes, the first
> step is obviously step-0 ;-)
>
> Please make sure you send your key fingerprint no later than Friday
> 2022-07-08, as I will be preparing the KSP material by then.
>
> Most of you are aware that the keyserver network is currently in a
> quite weak status; please ensure we can find your updated keys at
> several different keyservers (at least, by uploading them); I suggest
> you try something like the following:
>
> $ export MY_KEY=0x2404C9546E145360 # Naturally, your key goes here
> $ for i in pgpkeys.eu pgp.surf.nl pgp.pm keyserver.ubuntu.com
> the.earth.li
> > do
> > gpg --keyserver $i --send-key $MY_KEY
> > done
>
> If you have questions please send them to the mailing list at
> debconf-disc...@lists.debconf.org.  If you don't want to post to the
> mailing list, send your questions to gw...@debian.org.
>

Re: DebConf22: Call for keys for keysigning in Prizren, Kosovo

[Ravi Dwivedi]

If you do not already have gpg keys, this arch wiki page is useful 
https://wiki.archlinux.org/title/GnuPG


On 14/06/22 03:57, Gunnar Wolf wrote:

As part of the 22th Debian Conference in Prizren, Kosovo, we will hold
a continuous OpenPGP keysigning. If you intend to participate, please
make sure you have included your key's fingerprint in Wafer (field «My
PGP key fingerprints for keysigning» in step 5 of the registration,
«Personal Information» [1]). Your fingerprint should have a format
similar to the following:

 4D14 0506 53A4 02D7 3687  049D 2404 C954 6E14 5360

(yes, that's _my_ fingerprint).

[1] https://debconf22.debconf.org/register/step-4 – Yes, the first
 step is obviously step-0 ;-)

Please make sure you send your key fingerprint no later than Friday
2022-07-08, as I will be preparing the KSP material by then.

Most of you are aware that the keyserver network is currently in a
quite weak status; please ensure we can find your updated keys at
several different keyservers (at least, by uploading them); I suggest
you try something like the following:

 $ export MY_KEY=0x2404C9546E145360 # Naturally, your key goes here
 $ for i in pgpkeys.eu pgp.surf.nl pgp.pm keyserver.ubuntu.com the.earth.li
 > do
 > gpg --keyserver $i --send-key $MY_KEY
 > done

If you have questions please send them to the mailing list at
debconf-disc...@lists.debconf.org.  If you don't want to post to the
mailing list, send your questions to gw...@debian.org.