Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
On 05/07/2014 01:26 AM, Jeremy Stanley wrote: Given that's Sean's session before the break (assuming it doesn't get reshuffled) and he's signed up for the key signing too, he could probably be persuaded to end on time and allow us to quickly free up the room for that. If we go this route we'll probably still need to plan to begin promptly at 10:35 AM EDT (five minutes into the break) so that the projector can be attached and confirmed working while attendees for the infra session in there clear out. Any objections to this (particularly from Sean)? Preferences for this plan over the separate room one floor up? Note that one down side I see to this option is if anyone who isn't an ATC wants to participate, we may need someone to help get them into the Design Summit area. What's the final decision? Which room will we use? Thomas ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
On 2014-05-09 15:51:19 +0800 (+0800), Thomas Goirand wrote: What's the final decision? Which room will we use? I'm personally leaning toward B301 (in the Design Summit area) since I think that will make it easier for participants to arrive on time. As Thierry also suggested this and nobody else has expressed a preference or raised any objections, if I don't hear any within the next few hours I'll update the instructions to say B301 (and cancel the other dedicated room with the conference organizers so they can free up resources and correct the schedule before the weekend). -- Jeremy Stanley ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
++ for B301 We'll be on summit for the whole week, probably, we could have two key signing parties? bad_idea On Fri, May 9, 2014 at 9:08 AM, Jeremy Stanley fu...@yuggoth.org wrote: On 2014-05-09 15:51:19 +0800 (+0800), Thomas Goirand wrote: What's the final decision? Which room will we use? I'm personally leaning toward B301 (in the Design Summit area) since I think that will make it easier for participants to arrive on time. As Thierry also suggested this and nobody else has expressed a preference or raised any objections, if I don't hear any within the next few hours I'll update the instructions to say B301 (and cancel the other dedicated room with the conference organizers so they can free up resources and correct the schedule before the weekend). -- Jeremy Stanley ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Sincerely yours, Sergey Lukjanov Sahara Technical Lead (OpenStack Data Processing) Mirantis Inc. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
Jeremy Stanley wrote: On 2014-04-29 18:01:44 + (+), Jeremy Stanley wrote: [...] I'll check with the team handling venue logistics right now and update this thread with options. I'm also inquiring about the availability of a projector if we get one of the non-design-session breakout rooms, and I can bring a digital micro/macroscope which ought to do a fair job of showing everyone's photo IDs through it if so (which would enable us to use The 'Sassman-Projected' Method and significantly increase our throughput via parallelization). I was able to confirm a dedicated location (room 405, just one floor up from the design summit sessions) Wednesday 10:30-11:00am with a projector and seating for 50. We're getting close to that many on the sign-up sheet already... chances are we'll be able to put each ID up on the projector for 15-20 seconds, taking buffer time into account at the beginning for walking to the room and reading the master list checksum aloud. I've asked the organizers to list this as OpenStack Web of Trust: Key Signing and have updated https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit accordingly. Note that we could pick any of the Design Summit rooms (they are larger and don't require us to move on 4th floor). They should all be empty during the break. B301 (160 seats) has infra sessions before and after the Wednesday 10:30am break, so there is overlap in attendance and we can easily push people out to start the keysigning ASAP. NB: I may be late as I've a summit presentation in the slot before and I may stay around to answer questions. -- Thierry Carrez (ttx) ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
On 2014-05-06 12:36:34 +0200 (+0200), Thierry Carrez wrote: Note that we could pick any of the Design Summit rooms (they are larger and don't require us to move on 4th floor). They should all be empty during the break. I was hesitant to try and use one of the design session rooms for this since they tend to run long and wouldn't provide much opportunity to set up in advance. B301 (160 seats) has infra sessions before and after the Wednesday 10:30am break, so there is overlap in attendance and we can easily push people out to start the keysigning ASAP. Given that's Sean's session before the break (assuming it doesn't get reshuffled) and he's signed up for the key signing too, he could probably be persuaded to end on time and allow us to quickly free up the room for that. If we go this route we'll probably still need to plan to begin promptly at 10:35 AM EDT (five minutes into the break) so that the projector can be attached and confirmed working while attendees for the infra session in there clear out. Any objections to this (particularly from Sean)? Preferences for this plan over the separate room one floor up? Note that one down side I see to this option is if anyone who isn't an ATC wants to participate, we may need someone to help get them into the Design Summit area. NB: I may be late as I've a summit presentation in the slot before and I may stay around to answer questions. You'll likely miss the reading aloud of the file checksum and (depending on how late you'll be) may miss display of some individuals' identification on the projection screen, but at least you can try to hit them up for a more traditional peek directly at their passports/whatever later. -- Jeremy Stanley ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
On 2014-04-29 18:31:37 + (+), Jeremy Stanley wrote: I've updated the wiki article to note that I'll lock it for further edits at the end of the (UTC) day on the 7th and generate the checksummed list from it, then link it there for everyone to download as quickly as I can do so. I'll also send a signed copy of the checksummed list in reply to this thread at the same time. Just a friendly reminder that the deadline to sign up is a little over 23 hours away! So far we've got 55 people on the list, by my count. -- Jeremy Stanley ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
On 2014-04-29 18:01:44 + (+), Jeremy Stanley wrote: [...] I'll check with the team handling venue logistics right now and update this thread with options. I'm also inquiring about the availability of a projector if we get one of the non-design-session breakout rooms, and I can bring a digital micro/macroscope which ought to do a fair job of showing everyone's photo IDs through it if so (which would enable us to use The 'Sassman-Projected' Method and significantly increase our throughput via parallelization). I was able to confirm a dedicated location (room 405, just one floor up from the design summit sessions) Wednesday 10:30-11:00am with a projector and seating for 50. We're getting close to that many on the sign-up sheet already... chances are we'll be able to put each ID up on the projector for 15-20 seconds, taking buffer time into account at the beginning for walking to the room and reading the master list checksum aloud. I've asked the organizers to list this as OpenStack Web of Trust: Key Signing and have updated https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit accordingly. -- Jeremy Stanley ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
Awesome! thanks @fungi -- dims On Wed, Apr 30, 2014 at 6:47 PM, Jeremy Stanley fu...@yuggoth.org wrote: On 2014-04-29 18:01:44 + (+), Jeremy Stanley wrote: [...] I'll check with the team handling venue logistics right now and update this thread with options. I'm also inquiring about the availability of a projector if we get one of the non-design-session breakout rooms, and I can bring a digital micro/macroscope which ought to do a fair job of showing everyone's photo IDs through it if so (which would enable us to use The 'Sassman-Projected' Method and significantly increase our throughput via parallelization). I was able to confirm a dedicated location (room 405, just one floor up from the design summit sessions) Wednesday 10:30-11:00am with a projector and seating for 50. We're getting close to that many on the sign-up sheet already... chances are we'll be able to put each ID up on the projector for 15-20 seconds, taking buffer time into account at the beginning for walking to the room and reading the master list checksum aloud. I've asked the organizers to list this as OpenStack Web of Trust: Key Signing and have updated https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit accordingly. -- Jeremy Stanley ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Davanum Srinivas :: http://davanum.wordpress.com ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
Excerpts from Jeremy Stanley's message of 2014-04-30 15:47:21 -0700: On 2014-04-29 18:01:44 + (+), Jeremy Stanley wrote: [...] I'll check with the team handling venue logistics right now and update this thread with options. I'm also inquiring about the availability of a projector if we get one of the non-design-session breakout rooms, and I can bring a digital micro/macroscope which ought to do a fair job of showing everyone's photo IDs through it if so (which would enable us to use The 'Sassman-Projected' Method and significantly increase our throughput via parallelization). I was able to confirm a dedicated location (room 405, just one floor up from the design summit sessions) Wednesday 10:30-11:00am with a projector and seating for 50. We're getting close to that many on the sign-up sheet already... chances are we'll be able to put each ID up on the projector for 15-20 seconds, taking buffer time into account at the beginning for walking to the room and reading the master list checksum aloud. I've asked the organizers to list this as OpenStack Web of Trust: Key Signing and have updated https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit accordingly. Fantastic. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
On 04/29/2014 06:42 AM, Jeremy Stanley wrote: On 2014-04-26 17:05:41 -0700 (-0700), Clint Byrum wrote: Just a friendly reminder to add yourself to this list if you are interested in participating in the key signing in Atlanta: https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit [...] It has a sign-up cutoff of two weeks ago, so I assume that was merely a placeholder. Which begs the question how late is too late for participants to be able to comfortably print out their copies (assuming we do http://keysigning.org/methods/sassaman-efficient this time)? Should lock down the page Wednesday May 7th? Sooner? Keep in mind that this week (April 27 through May 3) is supposed to be a vacation week for the project, so people may not be around to add themselves until Monday May 5th ;) Is there a date a place already schedule for the key signing party? Thomas ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
How about 10:30 AM Break on Wednesday at the Developers Lounge (Do we have one this time?) -- dims On Tue, Apr 29, 2014 at 10:32 AM, Thomas Goirand z...@debian.org wrote: On 04/29/2014 06:42 AM, Jeremy Stanley wrote: On 2014-04-26 17:05:41 -0700 (-0700), Clint Byrum wrote: Just a friendly reminder to add yourself to this list if you are interested in participating in the key signing in Atlanta: https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit [...] It has a sign-up cutoff of two weeks ago, so I assume that was merely a placeholder. Which begs the question how late is too late for participants to be able to comfortably print out their copies (assuming we do http://keysigning.org/methods/sassaman-efficient this time)? Should lock down the page Wednesday May 7th? Sooner? Keep in mind that this week (April 27 through May 3) is supposed to be a vacation week for the project, so people may not be around to add themselves until Monday May 5th ;) Is there a date a place already schedule for the key signing party? Thomas ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Davanum Srinivas :: http://davanum.wordpress.com ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
Break time is extremely busy in the developers lounge. We can have others in the room, but we need enough of a space for everyone to stand in two lines and rotate and be uninterrupted. Excerpts from Davanum Srinivas's message of 2014-04-29 09:07:12 -0700: How about 10:30 AM Break on Wednesday at the Developers Lounge (Do we have one this time?) -- dims On Tue, Apr 29, 2014 at 10:32 AM, Thomas Goirand z...@debian.org wrote: On 04/29/2014 06:42 AM, Jeremy Stanley wrote: On 2014-04-26 17:05:41 -0700 (-0700), Clint Byrum wrote: Just a friendly reminder to add yourself to this list if you are interested in participating in the key signing in Atlanta: https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit [...] It has a sign-up cutoff of two weeks ago, so I assume that was merely a placeholder. Which begs the question how late is too late for participants to be able to comfortably print out their copies (assuming we do http://keysigning.org/methods/sassaman-efficient this time)? Should lock down the page Wednesday May 7th? Sooner? Keep in mind that this week (April 27 through May 3) is supposed to be a vacation week for the project, so people may not be around to add themselves until Monday May 5th ;) Is there a date a place already schedule for the key signing party? Thomas ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
On 2014-04-29 09:16:53 -0700 (-0700), Clint Byrum wrote: [...] I think Wednesday would be the ideal day, as it has the most overlap with the conference and is at least adjacent to if not within most design tracks. [...] Seconded. I suggest we ensure that everyone understands the process and brings their print outs on the day-of. [...] I've updated the instructions on the sign-up list accordingly. I suggest we schedule the event for 5 minutes after the start of the break. Agreed. As far as a location, if there are private meeting rooms of a large enough size that would be ideal. [...] I don't know who to contact to schedule a meeting room. Anybody? I'll check with the team handling venue logistics right now and update this thread with options. I'm also inquiring about the availability of a projector if we get one of the non-design-session breakout rooms, and I can bring a digital micro/macroscope which ought to do a fair job of showing everyone's photo IDs through it if so (which would enable us to use The 'Sassman-Projected' Method and significantly increase our throughput via parallelization). -- Jeremy Stanley ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
On 2014-04-29 08:52:38 +0400 (+0400), Sergey Lukjanov wrote: +1 to lock May 7 I've updated the wiki article to note that I'll lock it for further edits at the end of the (UTC) day on the 7th and generate the checksummed list from it, then link it there for everyone to download as quickly as I can do so. I'll also send a signed copy of the checksummed list in reply to this thread at the same time. -- Jeremy Stanley ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
IIRC there was a key signing party on the launch time in Hong Kong, isn't it? On Sun, Apr 27, 2014 at 4:05 AM, Clint Byrum cl...@fewbar.com wrote: Just a friendly reminder to add yourself to this list if you are interested in participating in the key signing in Atlanta: https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit Now that we have more visibility about schedules, I think we should try to find a time slot. Does anybody have an idea already? If not I think we should just pick a break time period and get it done. Excerpts from Thomas Goirand's message of 2014-03-29 23:32:55 -0700: On 03/30/2014 10:00 AM, Mark Atwood wrote: Hi! Are there plans for a PGP keysigning party at the Juno Summit in Atlanta, similar to the one at the Icehouse summit in Hong Kong? Inspired by the URL at https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Icehouse_Summit I looked for https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit to discover that that wiki page does not yet exist and I do not have permission to create it. ..m If there's none, then we should do one. One thing about last key signing party, is that I didn't really like the photocopy method. IMO, it'd be much much nicer to use a file, posted somewhere, containing all participant fingerprints. To check for that file validity, together, we check for its sha256 sum (someone say it out loud, while everyone is checking for its own copy). And everyone, individually, checks for its own PGP fingerprint inside the file. Then we just need to validate entries in this file (with matching ID documents). Otherwise, there's the question of the trustability of the photocopy machine and such... Not that I don't trust Jimmy (I do...)! :) Plus having a text file with all fingerprints in it is more convenient: you can just cut/past the whole fingerprint and do gpg --recv-keys at once (and not just the key ID, which is unsafe because prone to brute-force). That file can be posted anywhere, provided that we check for its sha256 sum. I would happily organize this, if someone can find a *quite* room with decent network. Who can take care of the place and time? Of course, We will need need the fingerprints of every participant in advance, so the wiki page would be useful as well. I therefore created the wiki page: https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit Please add yourself. We'll see if I can make it to Atlanta, and organize something later on. Cheers, Thomas Goirand (zigo) ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Sincerely yours, Sergey Lukjanov Sahara Technical Lead (OpenStack Data Processing) Mirantis Inc. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
On 2014-04-28 18:37:56 +0400 (+0400), Sergey Lukjanov wrote: IIRC there was a key signing party on the launch time in Hong Kong, isn't it? Nope, according to the old wiki article we ended up doing it Thursday November 7 2013 during the 10:30-11:00 AM break. (Though I suppose that was fairly close to lunch.) -- Jeremy Stanley ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
On 2014-04-26 17:05:41 -0700 (-0700), Clint Byrum wrote: Just a friendly reminder to add yourself to this list if you are interested in participating in the key signing in Atlanta: https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit [...] It has a sign-up cutoff of two weeks ago, so I assume that was merely a placeholder. Which begs the question how late is too late for participants to be able to comfortably print out their copies (assuming we do http://keysigning.org/methods/sassaman-efficient this time)? Should lock down the page Wednesday May 7th? Sooner? Keep in mind that this week (April 27 through May 3) is supposed to be a vacation week for the project, so people may not be around to add themselves until Monday May 5th ;) -- Jeremy Stanley ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
+1 to lock down the page May 7th. -- dims On Mon, Apr 28, 2014 at 6:42 PM, Jeremy Stanley fu...@yuggoth.org wrote: On 2014-04-26 17:05:41 -0700 (-0700), Clint Byrum wrote: Just a friendly reminder to add yourself to this list if you are interested in participating in the key signing in Atlanta: https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit [...] It has a sign-up cutoff of two weeks ago, so I assume that was merely a placeholder. Which begs the question how late is too late for participants to be able to comfortably print out their copies (assuming we do http://keysigning.org/methods/sassaman-efficient this time)? Should lock down the page Wednesday May 7th? Sooner? Keep in mind that this week (April 27 through May 3) is supposed to be a vacation week for the project, so people may not be around to add themselves until Monday May 5th ;) -- Jeremy Stanley ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Davanum Srinivas :: http://davanum.wordpress.com ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
+1 to lock May 7 On Tuesday, April 29, 2014, Davanum Srinivas dava...@gmail.com wrote: +1 to lock down the page May 7th. -- dims On Mon, Apr 28, 2014 at 6:42 PM, Jeremy Stanley fu...@yuggoth.orgjavascript:; wrote: On 2014-04-26 17:05:41 -0700 (-0700), Clint Byrum wrote: Just a friendly reminder to add yourself to this list if you are interested in participating in the key signing in Atlanta: https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit [...] It has a sign-up cutoff of two weeks ago, so I assume that was merely a placeholder. Which begs the question how late is too late for participants to be able to comfortably print out their copies (assuming we do http://keysigning.org/methods/sassaman-efficient this time)? Should lock down the page Wednesday May 7th? Sooner? Keep in mind that this week (April 27 through May 3) is supposed to be a vacation week for the project, so people may not be around to add themselves until Monday May 5th ;) -- Jeremy Stanley ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org javascript:; http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Davanum Srinivas :: http://davanum.wordpress.com ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org javascript:; http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Sincerely yours, Sergey Lukjanov Sahara Technical Lead (OpenStack Data Processing) Mirantis Inc. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
Just a friendly reminder to add yourself to this list if you are interested in participating in the key signing in Atlanta: https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit Now that we have more visibility about schedules, I think we should try to find a time slot. Does anybody have an idea already? If not I think we should just pick a break time period and get it done. Excerpts from Thomas Goirand's message of 2014-03-29 23:32:55 -0700: On 03/30/2014 10:00 AM, Mark Atwood wrote: Hi! Are there plans for a PGP keysigning party at the Juno Summit in Atlanta, similar to the one at the Icehouse summit in Hong Kong? Inspired by the URL at https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Icehouse_Summit I looked for https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit to discover that that wiki page does not yet exist and I do not have permission to create it. ..m If there's none, then we should do one. One thing about last key signing party, is that I didn't really like the photocopy method. IMO, it'd be much much nicer to use a file, posted somewhere, containing all participant fingerprints. To check for that file validity, together, we check for its sha256 sum (someone say it out loud, while everyone is checking for its own copy). And everyone, individually, checks for its own PGP fingerprint inside the file. Then we just need to validate entries in this file (with matching ID documents). Otherwise, there's the question of the trustability of the photocopy machine and such... Not that I don't trust Jimmy (I do...)! :) Plus having a text file with all fingerprints in it is more convenient: you can just cut/past the whole fingerprint and do gpg --recv-keys at once (and not just the key ID, which is unsafe because prone to brute-force). That file can be posted anywhere, provided that we check for its sha256 sum. I would happily organize this, if someone can find a *quite* room with decent network. Who can take care of the place and time? Of course, We will need need the fingerprints of every participant in advance, so the wiki page would be useful as well. I therefore created the wiki page: https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit Please add yourself. We'll see if I can make it to Atlanta, and organize something later on. Cheers, Thomas Goirand (zigo) ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
On 2014-03-31 14:45:20 -0700 (-0700), Clint Byrum wrote: Would it be entirely out of line to take a portion of an infra-team session to do this? [...] * This seems relevant to OpenStack development infrastructure. [...] About the only place we have any existing infrastructure automation currently related to OpenPGP keys at all is that we expect releases to use Git tags which are signed. There's no tooling currently relying on keys themselves being signed/vetted, so the release management and cross-project workshops topics are probably equally suited in this regard. I can propose a session for this purpose, but there's no expectation it'll be approved (at which point we have even less time to consider alternative solutions). -- Jeremy Stanley ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
On 04/01/2014 04:03 AM, Jeremy Stanley wrote: On 2014-03-31 10:55:06 +0200 (+0200), Thierry Carrez wrote: No miracle here... All slots are pretty full as expected. I think our best bet is still the 30-min morning break on Wednesday or Thursday at 10:30am. Would finding an available room for an hour sometime on Monday make sense instead? +1 On 04/01/2014 11:41 PM, Jeremy Stanley wrote: About the only place we have any existing infrastructure automation currently related to OpenPGP keys at all is that we expect releases to use Git tags which are signed. Which is what I use (and yes, I do check for signatures, but I couldn't get signatures of everyone making signed tags). Thomas ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
Mark Atwood wrote: Are there plans for a PGP keysigning party at the Juno Summit in Atlanta, similar to the one at the Icehouse summit in Hong Kong? Inspired by the URL at https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Icehouse_Summit I looked for https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit to discover that that wiki page does not yet exist and I do not have permission to create it. Err... anyone can create anything on the wiki. Maybe you weren't logged in ? -- Thierry Carrez (ttx) ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
Jeremy Stanley wrote: On 2014-03-29 19:00:33 -0700 (-0700), Mark Atwood wrote: Are there plans for a PGP keysigning party at the Juno Summit in Atlanta, similar to the one at the Icehouse summit in Hong Kong? [...] Absolutely! Thierry, any ideas on how to best fit it into the schedule? ...hopefully not wedged into a restroom break like I ended up doing last time. ;) No miracle here... All slots are pretty full as expected. I think our best bet is still the 30-min morning break on Wednesday or Thursday at 10:30am. -- Thierry Carrez (ttx) signature.asc Description: OpenPGP digital signature ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
On 2014-03-31 10:55:06 +0200 (+0200), Thierry Carrez wrote: No miracle here... All slots are pretty full as expected. I think our best bet is still the 30-min morning break on Wednesday or Thursday at 10:30am. Would finding an available room for an hour sometime on Monday make sense instead? Since we don't have design sessions that day, it might make it easier to collect some majority of interested ATCs for longer than we can cram into a 30-minute break. On the other hand it will potentially conflict with some other operations and general conference stuff, so we end up leaving out people who might be doing those things instead... -- Jeremy Stanley ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
Excerpts from Jeremy Stanley's message of 2014-03-31 13:03:28 -0700: On 2014-03-31 10:55:06 +0200 (+0200), Thierry Carrez wrote: No miracle here... All slots are pretty full as expected. I think our best bet is still the 30-min morning break on Wednesday or Thursday at 10:30am. Would finding an available room for an hour sometime on Monday make sense instead? Since we don't have design sessions that day, it might make it easier to collect some majority of interested ATCs for longer than we can cram into a 30-minute break. On the other hand it will potentially conflict with some other operations and general conference stuff, so we end up leaving out people who might be doing those things instead... Would it be entirely out of line to take a portion of an infra-team session to do this? A lot of keys can be signed in 30 minutes. * You will have the most important people in the WoT for OpenStack in that room. This will ensure that the signing is extremely relevant. * The projection method will be available. * This seems relevant to OpenStack development infrastructure. If not, then taking over a session room directly after any day of the event has been the most successful strategy I've seen at open source conferences. It needs to be relatively soon after everything ends so that people can still get to their respective plans. If we can't commandeer a session, I'll go down the path of contacting the conference/summit organizers to see if that is possible. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
On 03/30/2014 10:00 AM, Mark Atwood wrote: Hi! Are there plans for a PGP keysigning party at the Juno Summit in Atlanta, similar to the one at the Icehouse summit in Hong Kong? Inspired by the URL at https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Icehouse_Summit I looked for https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit to discover that that wiki page does not yet exist and I do not have permission to create it. ..m If there's none, then we should do one. One thing about last key signing party, is that I didn't really like the photocopy method. IMO, it'd be much much nicer to use a file, posted somewhere, containing all participant fingerprints. To check for that file validity, together, we check for its sha256 sum (someone say it out loud, while everyone is checking for its own copy). And everyone, individually, checks for its own PGP fingerprint inside the file. Then we just need to validate entries in this file (with matching ID documents). Otherwise, there's the question of the trustability of the photocopy machine and such... Not that I don't trust Jimmy (I do...)! :) Plus having a text file with all fingerprints in it is more convenient: you can just cut/past the whole fingerprint and do gpg --recv-keys at once (and not just the key ID, which is unsafe because prone to brute-force). That file can be posted anywhere, provided that we check for its sha256 sum. I would happily organize this, if someone can find a *quite* room with decent network. Who can take care of the place and time? Of course, We will need need the fingerprints of every participant in advance, so the wiki page would be useful as well. I therefore created the wiki page: https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit Please add yourself. We'll see if I can make it to Atlanta, and organize something later on. Cheers, Thomas Goirand (zigo) ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
Excerpts from Thomas Goirand's message of 2014-03-29 23:32:55 -0700: On 03/30/2014 10:00 AM, Mark Atwood wrote: Hi! Are there plans for a PGP keysigning party at the Juno Summit in Atlanta, similar to the one at the Icehouse summit in Hong Kong? Inspired by the URL at https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Icehouse_Summit I looked for https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit to discover that that wiki page does not yet exist and I do not have permission to create it. ..m If there's none, then we should do one. One thing about last key signing party, is that I didn't really like the photocopy method. IMO, it'd be much much nicer to use a file, posted somewhere, containing all participant fingerprints. To check for that file validity, together, we check for its sha256 sum (someone say it out loud, while everyone is checking for its own copy). And everyone, individually, checks for its own PGP fingerprint inside the file. Then we just need to validate entries in this file (with matching ID documents). Otherwise, there's the question of the trustability of the photocopy machine and such... Not that I don't trust Jimmy (I do...)! :) If we follow either of these methods: http://keysigning.org/methods/sassaman-efficient http://keysigning.org/methods/sassaman-projected Then everyone should bring their own copy of the file. Note that this implies that one is using their own trusted equipment to do this or verifying painfully that nothing has been altered during that process. So it is important that we socialize this and have people ready _before_ the summit, so they can print at home. The point is, users should still _print it themselves_ to avoid a mass compromise of the key signing process at the time of duplication/printing. Now, having somebody else print the lists is fine as long as you have key owners look at your copy and verify the fingerprint on your list. This is _extremely_ inefficient compared to the Sassaman Efficient protocol, but it works o-k for small groups, as the person can verify your list while you're verifying their government ids, and you can do the same for them. I would suggest making these photocopies on an odd color of paper so that key owners can know to ask for the list to verify it, rather than letting unknowing lazy signers get away with trusting the photocopy. Plus having a text file with all fingerprints in it is more convenient: you can just cut/past the whole fingerprint and do gpg --recv-keys at once (and not just the key ID, which is unsafe because prone to brute-force). That file can be posted anywhere, provided that we check for its sha256 sum. I would happily organize this, if someone can find a *quite* room with decent network. Who can take care of the place and time? There is zero network necessary for the party. In fact it is sort of discouraged, as having network would distract from the single-minded and very social purpose of the party. Or are you requesting a room to do the list creation? Of course, We will need need the fingerprints of every participant in advance, so the wiki page would be useful as well. I therefore created the wiki page: https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit Thanks!! Please add yourself. We'll see if I can make it to Atlanta, and organize something later on. Done. I'm happy to pick up facilitation of this process if you can't make it. Cheers, Thomas Goirand (zigo) ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
On 2014-03-30 09:05:51 -0700 (-0700), Clint Byrum wrote: [...] Now, having somebody else print the lists is fine as long as you have key owners look at your copy and verify the fingerprint on your list. This is _extremely_ inefficient compared to the Sassaman Efficient protocol, but it works o-k for small groups, as the person can verify your list while you're verifying their government ids, and you can do the same for them. [...] I completely agree, but I didn't have information disseminated far enough in advance last time and had to punt by printing a stack myself. This was entirely my fault--the original idea was that for the Icehouse summit we'd jump-start our WoT by trading signatures between members of the Release Cycle Management and Infrastructure programs, and then involve the wider development community during the Juno summit. When requests to do something more formal sprang up shortly beforehand, I ended up making a course correction with little time for proper planning. We can, and will, do better! -- Jeremy Stanley ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?
On 2014-03-30 14:32:55 +0800 (+0800), Thomas Goirand wrote: [...] One thing about last key signing party, is that I didn't really like the photocopy method. [...] Nor did I, but it was a last-minute production since I didn't expect the majority of attendees to bring cards with their own key fingerprints because they don't (yet) operate in circles where keysigning is commonplace. There are much better methods for high-volume KSPs (Clint links to my favorites in his message later in the thread, so I won't) and we should use one of those this time. -- Jeremy Stanley ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
