Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-05-09 Thread Thomas Goirand
On 05/07/2014 01:26 AM, Jeremy Stanley wrote:
 Given that's Sean's session before the break (assuming it doesn't
 get reshuffled) and he's signed up for the key signing too, he could
 probably be persuaded to end on time and allow us to quickly free up
 the room for that. If we go this route we'll probably still need to
 plan to begin promptly at 10:35 AM EDT (five minutes into the break)
 so that the projector can be attached and confirmed working while
 attendees for the infra session in there clear out.
 
 Any objections to this (particularly from Sean)? Preferences for
 this plan over the separate room one floor up? Note that one down
 side I see to this option is if anyone who isn't an ATC wants to
 participate, we may need someone to help get them into the Design
 Summit area.

What's the final decision? Which room will we use?

Thomas


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-05-09 Thread Jeremy Stanley
On 2014-05-09 15:51:19 +0800 (+0800), Thomas Goirand wrote:
 What's the final decision? Which room will we use?

I'm personally leaning toward B301 (in the Design Summit area) since
I think that will make it easier for participants to arrive on time.
As Thierry also suggested this and nobody else has expressed a
preference or raised any objections, if I don't hear any within the
next few hours I'll update the instructions to say B301 (and cancel
the other dedicated room with the conference organizers so they can
free up resources and correct the schedule before the weekend).
-- 
Jeremy Stanley

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-05-09 Thread Sergey Lukjanov
++ for B301

We'll be on summit for the whole week, probably, we could have two key
signing parties? bad_idea

On Fri, May 9, 2014 at 9:08 AM, Jeremy Stanley fu...@yuggoth.org wrote:
 On 2014-05-09 15:51:19 +0800 (+0800), Thomas Goirand wrote:
 What's the final decision? Which room will we use?

 I'm personally leaning toward B301 (in the Design Summit area) since
 I think that will make it easier for participants to arrive on time.
 As Thierry also suggested this and nobody else has expressed a
 preference or raised any objections, if I don't hear any within the
 next few hours I'll update the instructions to say B301 (and cancel
 the other dedicated room with the conference organizers so they can
 free up resources and correct the schedule before the weekend).
 --
 Jeremy Stanley

 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



-- 
Sincerely yours,
Sergey Lukjanov
Sahara Technical Lead
(OpenStack Data Processing)
Mirantis Inc.

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-05-06 Thread Thierry Carrez
Jeremy Stanley wrote:
 On 2014-04-29 18:01:44 + (+), Jeremy Stanley wrote:
 [...]
 I'll check with the team handling venue logistics right now and
 update this thread with options. I'm also inquiring about the
 availability of a projector if we get one of the non-design-session
 breakout rooms, and I can bring a digital micro/macroscope which
 ought to do a fair job of showing everyone's photo IDs through it if
 so (which would enable us to use The 'Sassman-Projected' Method and
 significantly increase our throughput via parallelization).
 
 I was able to confirm a dedicated location (room 405, just one floor
 up from the design summit sessions) Wednesday 10:30-11:00am with a
 projector and seating for 50. We're getting close to that many on
 the sign-up sheet already... chances are we'll be able to put each
 ID up on the projector for 15-20 seconds, taking buffer time into
 account at the beginning for walking to the room and reading the
 master list checksum aloud. I've asked the organizers to list this
 as OpenStack Web of Trust: Key Signing and have updated
 https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit
 accordingly.

Note that we could pick any of the Design Summit rooms (they are larger
and don't require us to move on 4th floor). They should all be empty
during the break.

B301 (160 seats) has infra sessions before and after the Wednesday
10:30am break, so there is overlap in attendance and we can easily push
people out to start the keysigning ASAP.

NB: I may be late as I've a summit presentation in the slot before and I
may stay around to answer questions.

-- 
Thierry Carrez (ttx)

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-05-06 Thread Jeremy Stanley
On 2014-05-06 12:36:34 +0200 (+0200), Thierry Carrez wrote:
 Note that we could pick any of the Design Summit rooms (they are
 larger and don't require us to move on 4th floor). They should all
 be empty during the break.

I was hesitant to try and use one of the design session rooms for
this since they tend to run long and wouldn't provide much
opportunity to set up in advance.

 B301 (160 seats) has infra sessions before and after the Wednesday
 10:30am break, so there is overlap in attendance and we can easily
 push people out to start the keysigning ASAP.

Given that's Sean's session before the break (assuming it doesn't
get reshuffled) and he's signed up for the key signing too, he could
probably be persuaded to end on time and allow us to quickly free up
the room for that. If we go this route we'll probably still need to
plan to begin promptly at 10:35 AM EDT (five minutes into the break)
so that the projector can be attached and confirmed working while
attendees for the infra session in there clear out.

Any objections to this (particularly from Sean)? Preferences for
this plan over the separate room one floor up? Note that one down
side I see to this option is if anyone who isn't an ATC wants to
participate, we may need someone to help get them into the Design
Summit area.

 NB: I may be late as I've a summit presentation in the slot before
 and I may stay around to answer questions.

You'll likely miss the reading aloud of the file checksum and
(depending on how late you'll be) may miss display of some
individuals' identification on the projection screen, but at least
you can try to hit them up for a more traditional peek directly at
their passports/whatever later.
-- 
Jeremy Stanley

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-05-06 Thread Jeremy Stanley
On 2014-04-29 18:31:37 + (+), Jeremy Stanley wrote:
 I've updated the wiki article to note that I'll lock it for further
 edits at the end of the (UTC) day on the 7th and generate the
 checksummed list from it, then link it there for everyone to
 download as quickly as I can do so. I'll also send a signed copy of
 the checksummed list in reply to this thread at the same time.

Just a friendly reminder that the deadline to sign up is a little
over 23 hours away! So far we've got 55 people on the list, by my
count.
-- 
Jeremy Stanley

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-04-30 Thread Jeremy Stanley
On 2014-04-29 18:01:44 + (+), Jeremy Stanley wrote:
[...]
 I'll check with the team handling venue logistics right now and
 update this thread with options. I'm also inquiring about the
 availability of a projector if we get one of the non-design-session
 breakout rooms, and I can bring a digital micro/macroscope which
 ought to do a fair job of showing everyone's photo IDs through it if
 so (which would enable us to use The 'Sassman-Projected' Method and
 significantly increase our throughput via parallelization).

I was able to confirm a dedicated location (room 405, just one floor
up from the design summit sessions) Wednesday 10:30-11:00am with a
projector and seating for 50. We're getting close to that many on
the sign-up sheet already... chances are we'll be able to put each
ID up on the projector for 15-20 seconds, taking buffer time into
account at the beginning for walking to the room and reading the
master list checksum aloud. I've asked the organizers to list this
as OpenStack Web of Trust: Key Signing and have updated
https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit
accordingly.
-- 
Jeremy Stanley

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-04-30 Thread Davanum Srinivas
Awesome! thanks @fungi

-- dims

On Wed, Apr 30, 2014 at 6:47 PM, Jeremy Stanley fu...@yuggoth.org wrote:
 On 2014-04-29 18:01:44 + (+), Jeremy Stanley wrote:
 [...]
 I'll check with the team handling venue logistics right now and
 update this thread with options. I'm also inquiring about the
 availability of a projector if we get one of the non-design-session
 breakout rooms, and I can bring a digital micro/macroscope which
 ought to do a fair job of showing everyone's photo IDs through it if
 so (which would enable us to use The 'Sassman-Projected' Method and
 significantly increase our throughput via parallelization).

 I was able to confirm a dedicated location (room 405, just one floor
 up from the design summit sessions) Wednesday 10:30-11:00am with a
 projector and seating for 50. We're getting close to that many on
 the sign-up sheet already... chances are we'll be able to put each
 ID up on the projector for 15-20 seconds, taking buffer time into
 account at the beginning for walking to the room and reading the
 master list checksum aloud. I've asked the organizers to list this
 as OpenStack Web of Trust: Key Signing and have updated
 https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit
 accordingly.
 --
 Jeremy Stanley

 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



-- 
Davanum Srinivas :: http://davanum.wordpress.com

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-04-30 Thread Clint Byrum
Excerpts from Jeremy Stanley's message of 2014-04-30 15:47:21 -0700:
 On 2014-04-29 18:01:44 + (+), Jeremy Stanley wrote:
 [...]
  I'll check with the team handling venue logistics right now and
  update this thread with options. I'm also inquiring about the
  availability of a projector if we get one of the non-design-session
  breakout rooms, and I can bring a digital micro/macroscope which
  ought to do a fair job of showing everyone's photo IDs through it if
  so (which would enable us to use The 'Sassman-Projected' Method and
  significantly increase our throughput via parallelization).
 
 I was able to confirm a dedicated location (room 405, just one floor
 up from the design summit sessions) Wednesday 10:30-11:00am with a
 projector and seating for 50. We're getting close to that many on
 the sign-up sheet already... chances are we'll be able to put each
 ID up on the projector for 15-20 seconds, taking buffer time into
 account at the beginning for walking to the room and reading the
 master list checksum aloud. I've asked the organizers to list this
 as OpenStack Web of Trust: Key Signing and have updated
 https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit
 accordingly.

Fantastic.

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-04-29 Thread Thomas Goirand
On 04/29/2014 06:42 AM, Jeremy Stanley wrote:
 On 2014-04-26 17:05:41 -0700 (-0700), Clint Byrum wrote:
 Just a friendly reminder to add yourself to this list if you are
 interested in participating in the key signing in Atlanta:

 https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit
 [...]
 
 It has a sign-up cutoff of two weeks ago, so I assume that was
 merely a placeholder. Which begs the question how late is too late
 for participants to be able to comfortably print out their copies
 (assuming we do http://keysigning.org/methods/sassaman-efficient
 this time)? Should lock down the page Wednesday May 7th? Sooner?
 
 Keep in mind that this week (April 27 through May 3) is supposed to
 be a vacation week for the project, so people may not be around to
 add themselves until Monday May 5th ;)

Is there a date a place already schedule for the key signing party?

Thomas


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-04-29 Thread Davanum Srinivas
How about 10:30 AM Break on Wednesday at the Developers Lounge (Do we
have one this time?)

-- dims

On Tue, Apr 29, 2014 at 10:32 AM, Thomas Goirand z...@debian.org wrote:
 On 04/29/2014 06:42 AM, Jeremy Stanley wrote:
 On 2014-04-26 17:05:41 -0700 (-0700), Clint Byrum wrote:
 Just a friendly reminder to add yourself to this list if you are
 interested in participating in the key signing in Atlanta:

 https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit
 [...]

 It has a sign-up cutoff of two weeks ago, so I assume that was
 merely a placeholder. Which begs the question how late is too late
 for participants to be able to comfortably print out their copies
 (assuming we do http://keysigning.org/methods/sassaman-efficient
 this time)? Should lock down the page Wednesday May 7th? Sooner?

 Keep in mind that this week (April 27 through May 3) is supposed to
 be a vacation week for the project, so people may not be around to
 add themselves until Monday May 5th ;)

 Is there a date a place already schedule for the key signing party?

 Thomas


 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



-- 
Davanum Srinivas :: http://davanum.wordpress.com

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-04-29 Thread Clint Byrum
Excerpts from Thomas Goirand's message of 2014-04-29 07:32:59 -0700:
 On 04/29/2014 06:42 AM, Jeremy Stanley wrote:
  On 2014-04-26 17:05:41 -0700 (-0700), Clint Byrum wrote:
  Just a friendly reminder to add yourself to this list if you are
  interested in participating in the key signing in Atlanta:
 
  https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit
  [...]
  
  It has a sign-up cutoff of two weeks ago, so I assume that was
  merely a placeholder. Which begs the question how late is too late
  for participants to be able to comfortably print out their copies
  (assuming we do http://keysigning.org/methods/sassaman-efficient
  this time)? Should lock down the page Wednesday May 7th? Sooner?
  
  Keep in mind that this week (April 27 through May 3) is supposed to
  be a vacation week for the project, so people may not be around to
  add themselves until Monday May 5th ;)
 
 Is there a date a place already schedule for the key signing party?

Actually since we have the summit schedule now, we should start looking
for a time and place.

I think Wednesday would be the ideal day, as it has the most overlap
with the conference and is at least adjacent to if not within most
design tracks.

There are basically two questions:

a) How much time do we need?
b) Where can we find a room where we can isolate ourselves?

tl;dr -- (a) 20 minutes min. (b) A meeting room or a design summit room.

Setup time is less than 5 minutes if we all bring paper printouts. Given
that, more time will increase the number of identities that we are all
able to verify. So I suggest we ensure that everyone understands the
process and brings their print outs on the day-of. If we can do that, I
think we can get quite a few ID's verified and keys signed in just 20
minutes. Given a 30 minute break, I suggest we schedule the event for 5
minutes after the start of the break.

As far as a location, if there are private meeting rooms of a large
enough size that would be ideal. If we can't get one of those, then
perhaps we should target lunch time instead, and use a design summit
room (since they'll be mostly empty for the lunch break).

I don't know who to contact to schedule a meeting room. Anybody?

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-04-29 Thread Clint Byrum
Break time is extremely busy in the developers lounge. We can have
others in the room, but we need enough of a space for everyone to stand
in two lines and rotate and be uninterrupted.

Excerpts from Davanum Srinivas's message of 2014-04-29 09:07:12 -0700:
 How about 10:30 AM Break on Wednesday at the Developers Lounge (Do we
 have one this time?)
 
 -- dims
 
 On Tue, Apr 29, 2014 at 10:32 AM, Thomas Goirand z...@debian.org wrote:
  On 04/29/2014 06:42 AM, Jeremy Stanley wrote:
  On 2014-04-26 17:05:41 -0700 (-0700), Clint Byrum wrote:
  Just a friendly reminder to add yourself to this list if you are
  interested in participating in the key signing in Atlanta:
 
  https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit
  [...]
 
  It has a sign-up cutoff of two weeks ago, so I assume that was
  merely a placeholder. Which begs the question how late is too late
  for participants to be able to comfortably print out their copies
  (assuming we do http://keysigning.org/methods/sassaman-efficient
  this time)? Should lock down the page Wednesday May 7th? Sooner?
 
  Keep in mind that this week (April 27 through May 3) is supposed to
  be a vacation week for the project, so people may not be around to
  add themselves until Monday May 5th ;)
 
  Is there a date a place already schedule for the key signing party?
 
  Thomas
 
 
  ___
  OpenStack-dev mailing list
  OpenStack-dev@lists.openstack.org
  http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
 

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-04-29 Thread Jeremy Stanley
On 2014-04-29 09:16:53 -0700 (-0700), Clint Byrum wrote:
[...]
 I think Wednesday would be the ideal day, as it has the most overlap
 with the conference and is at least adjacent to if not within most
 design tracks.
[...]

Seconded.

 I suggest we ensure that everyone understands the process and
 brings their print outs on the day-of.
[...]

I've updated the instructions on the sign-up list accordingly.

 I suggest we schedule the event for 5 minutes after the start of
 the break.

Agreed.

 As far as a location, if there are private meeting rooms of a large
 enough size that would be ideal.
[...]
 I don't know who to contact to schedule a meeting room. Anybody?

I'll check with the team handling venue logistics right now and
update this thread with options. I'm also inquiring about the
availability of a projector if we get one of the non-design-session
breakout rooms, and I can bring a digital micro/macroscope which
ought to do a fair job of showing everyone's photo IDs through it if
so (which would enable us to use The 'Sassman-Projected' Method and
significantly increase our throughput via parallelization).
-- 
Jeremy Stanley

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-04-29 Thread Jeremy Stanley
On 2014-04-29 08:52:38 +0400 (+0400), Sergey Lukjanov wrote:
 +1 to lock May 7

I've updated the wiki article to note that I'll lock it for further
edits at the end of the (UTC) day on the 7th and generate the
checksummed list from it, then link it there for everyone to
download as quickly as I can do so. I'll also send a signed copy of
the checksummed list in reply to this thread at the same time.
-- 
Jeremy Stanley

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-04-28 Thread Sergey Lukjanov
IIRC there was a key signing party on the launch time in Hong Kong, isn't it?

On Sun, Apr 27, 2014 at 4:05 AM, Clint Byrum cl...@fewbar.com wrote:
 Just a friendly reminder to add yourself to this list if you are
 interested in participating in the key signing in Atlanta:

 https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit

 Now that we have more visibility about schedules, I think we should try
 to find a time slot. Does anybody have an idea already? If not I think
 we should just pick a break time period and get it done.

 Excerpts from Thomas Goirand's message of 2014-03-29 23:32:55 -0700:
 On 03/30/2014 10:00 AM, Mark Atwood wrote:
  Hi!
 
  Are there plans for a PGP keysigning party at the Juno Summit in
  Atlanta, similar to the one at the Icehouse summit in Hong Kong?
 
  Inspired by the URL at
  https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Icehouse_Summit
  I looked for
  https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit
  to discover that that wiki page does not yet exist and I do not have
  permission to create it.
 
  ..m

 If there's none, then we should do one.

 One thing about last key signing party, is that I didn't really like the
 photocopy method. IMO, it'd be much much nicer to use a file, posted
 somewhere, containing all participant fingerprints. To check for that
 file validity, together, we check for its sha256 sum (someone say it out
 loud, while everyone is checking for its own copy). And everyone,
 individually, checks for its own PGP fingerprint inside the file. Then
 we just need to validate entries in this file (with matching ID documents).

 Otherwise, there's the question of the trustability of the photocopy
 machine and such... Not that I don't trust Jimmy (I do...)! :)

 Plus having a text file with all fingerprints in it is more convenient:
 you can just cut/past the whole fingerprint and do gpg --recv-keys at
 once (and not just the key ID, which is unsafe because prone to
 brute-force). That file can be posted anywhere, provided that we check
 for its sha256 sum.

 I would happily organize this, if someone can find a *quite* room with
 decent network. Who can take care of the place and time?

 Of course, We will need need the fingerprints of every participant in
 advance, so the wiki page would be useful as well. I therefore created
 the wiki page:
 https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit

 Please add yourself. We'll see if I can make it to Atlanta, and organize
 something later on.

 Cheers,

 Thomas Goirand (zigo)


 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



-- 
Sincerely yours,
Sergey Lukjanov
Sahara Technical Lead
(OpenStack Data Processing)
Mirantis Inc.

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-04-28 Thread Jeremy Stanley
On 2014-04-28 18:37:56 +0400 (+0400), Sergey Lukjanov wrote:
 IIRC there was a key signing party on the launch time in Hong
 Kong, isn't it?

Nope, according to the old wiki article we ended up doing it
Thursday November 7 2013 during the 10:30-11:00 AM break. (Though I
suppose that was fairly close to lunch.)
-- 
Jeremy Stanley

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-04-28 Thread Jeremy Stanley
On 2014-04-26 17:05:41 -0700 (-0700), Clint Byrum wrote:
 Just a friendly reminder to add yourself to this list if you are
 interested in participating in the key signing in Atlanta:
 
 https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit
[...]

It has a sign-up cutoff of two weeks ago, so I assume that was
merely a placeholder. Which begs the question how late is too late
for participants to be able to comfortably print out their copies
(assuming we do http://keysigning.org/methods/sassaman-efficient
this time)? Should lock down the page Wednesday May 7th? Sooner?

Keep in mind that this week (April 27 through May 3) is supposed to
be a vacation week for the project, so people may not be around to
add themselves until Monday May 5th ;)
-- 
Jeremy Stanley

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-04-28 Thread Davanum Srinivas
+1 to lock down the page May 7th.

-- dims

On Mon, Apr 28, 2014 at 6:42 PM, Jeremy Stanley fu...@yuggoth.org wrote:
 On 2014-04-26 17:05:41 -0700 (-0700), Clint Byrum wrote:
 Just a friendly reminder to add yourself to this list if you are
 interested in participating in the key signing in Atlanta:

 https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit
 [...]

 It has a sign-up cutoff of two weeks ago, so I assume that was
 merely a placeholder. Which begs the question how late is too late
 for participants to be able to comfortably print out their copies
 (assuming we do http://keysigning.org/methods/sassaman-efficient
 this time)? Should lock down the page Wednesday May 7th? Sooner?

 Keep in mind that this week (April 27 through May 3) is supposed to
 be a vacation week for the project, so people may not be around to
 add themselves until Monday May 5th ;)
 --
 Jeremy Stanley

 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



-- 
Davanum Srinivas :: http://davanum.wordpress.com

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-04-28 Thread Sergey Lukjanov
+1 to lock May 7

On Tuesday, April 29, 2014, Davanum Srinivas dava...@gmail.com wrote:

 +1 to lock down the page May 7th.

 -- dims

 On Mon, Apr 28, 2014 at 6:42 PM, Jeremy Stanley 
 fu...@yuggoth.orgjavascript:;
 wrote:
  On 2014-04-26 17:05:41 -0700 (-0700), Clint Byrum wrote:
  Just a friendly reminder to add yourself to this list if you are
  interested in participating in the key signing in Atlanta:
 
  https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit
  [...]
 
  It has a sign-up cutoff of two weeks ago, so I assume that was
  merely a placeholder. Which begs the question how late is too late
  for participants to be able to comfortably print out their copies
  (assuming we do http://keysigning.org/methods/sassaman-efficient
  this time)? Should lock down the page Wednesday May 7th? Sooner?
 
  Keep in mind that this week (April 27 through May 3) is supposed to
  be a vacation week for the project, so people may not be around to
  add themselves until Monday May 5th ;)
  --
  Jeremy Stanley
 
  ___
  OpenStack-dev mailing list
  OpenStack-dev@lists.openstack.org javascript:;
  http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



 --
 Davanum Srinivas :: http://davanum.wordpress.com

 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org javascript:;
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



-- 
Sincerely yours,
Sergey Lukjanov
Sahara Technical Lead
(OpenStack Data Processing)
Mirantis Inc.
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-04-26 Thread Clint Byrum
Just a friendly reminder to add yourself to this list if you are
interested in participating in the key signing in Atlanta:

https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit

Now that we have more visibility about schedules, I think we should try
to find a time slot. Does anybody have an idea already? If not I think
we should just pick a break time period and get it done.

Excerpts from Thomas Goirand's message of 2014-03-29 23:32:55 -0700:
 On 03/30/2014 10:00 AM, Mark Atwood wrote:
  Hi!
  
  Are there plans for a PGP keysigning party at the Juno Summit in
  Atlanta, similar to the one at the Icehouse summit in Hong Kong?
  
  Inspired by the URL at
  https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Icehouse_Summit
  I looked for 
  https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit
  to discover that that wiki page does not yet exist and I do not have
  permission to create it.
  
  ..m
 
 If there's none, then we should do one.
 
 One thing about last key signing party, is that I didn't really like the
 photocopy method. IMO, it'd be much much nicer to use a file, posted
 somewhere, containing all participant fingerprints. To check for that
 file validity, together, we check for its sha256 sum (someone say it out
 loud, while everyone is checking for its own copy). And everyone,
 individually, checks for its own PGP fingerprint inside the file. Then
 we just need to validate entries in this file (with matching ID documents).
 
 Otherwise, there's the question of the trustability of the photocopy
 machine and such... Not that I don't trust Jimmy (I do...)! :)
 
 Plus having a text file with all fingerprints in it is more convenient:
 you can just cut/past the whole fingerprint and do gpg --recv-keys at
 once (and not just the key ID, which is unsafe because prone to
 brute-force). That file can be posted anywhere, provided that we check
 for its sha256 sum.
 
 I would happily organize this, if someone can find a *quite* room with
 decent network. Who can take care of the place and time?
 
 Of course, We will need need the fingerprints of every participant in
 advance, so the wiki page would be useful as well. I therefore created
 the wiki page:
 https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit
 
 Please add yourself. We'll see if I can make it to Atlanta, and organize
 something later on.
 
 Cheers,
 
 Thomas Goirand (zigo)
 

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-04-01 Thread Jeremy Stanley
On 2014-03-31 14:45:20 -0700 (-0700), Clint Byrum wrote:
 Would it be entirely out of line to take a portion of an infra-team
 session to do this?
[...]
 * This seems relevant to OpenStack development infrastructure.
[...]

About the only place we have any existing infrastructure automation
currently related to OpenPGP keys at all is that we expect releases
to use Git tags which are signed. There's no tooling currently
relying on keys themselves being signed/vetted, so the release
management and cross-project workshops topics are probably equally
suited in this regard.

I can propose a session for this purpose, but there's no expectation
it'll be approved (at which point we have even less time to consider
alternative solutions).
-- 
Jeremy Stanley

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-04-01 Thread Thomas Goirand
On 04/01/2014 04:03 AM, Jeremy Stanley wrote:
 On 2014-03-31 10:55:06 +0200 (+0200), Thierry Carrez wrote:
 No miracle here... All slots are pretty full as expected. I think our
 best bet is still the 30-min morning break on Wednesday or Thursday at
 10:30am.
 
 Would finding an available room for an hour sometime on Monday make
 sense instead?

+1

On 04/01/2014 11:41 PM, Jeremy Stanley wrote:
 About the only place we have any existing infrastructure automation
 currently related to OpenPGP keys at all is that we expect releases
 to use Git tags which are signed.

Which is what I use (and yes, I do check for signatures, but I couldn't
get signatures of everyone making signed tags).

Thomas


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-03-31 Thread Thierry Carrez
Mark Atwood wrote:
 Are there plans for a PGP keysigning party at the Juno Summit in
 Atlanta, similar to the one at the Icehouse summit in Hong Kong?
 
 Inspired by the URL at
 https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Icehouse_Summit
 I looked for 
 https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit
 to discover that that wiki page does not yet exist and I do not have
 permission to create it.

Err... anyone can create anything on the wiki. Maybe you weren't logged in ?

-- 
Thierry Carrez (ttx)

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-03-31 Thread Thierry Carrez
Jeremy Stanley wrote:
 On 2014-03-29 19:00:33 -0700 (-0700), Mark Atwood wrote:
 Are there plans for a PGP keysigning party at the Juno Summit in
 Atlanta, similar to the one at the Icehouse summit in Hong Kong?
 [...]
 
 Absolutely!
 
 Thierry, any ideas on how to best fit it into the schedule?
 ...hopefully not wedged into a restroom break like I ended up doing
 last time. ;)

No miracle here... All slots are pretty full as expected. I think our
best bet is still the 30-min morning break on Wednesday or Thursday at
10:30am.

-- 
Thierry Carrez (ttx)



signature.asc
Description: OpenPGP digital signature
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-03-31 Thread Jeremy Stanley
On 2014-03-31 10:55:06 +0200 (+0200), Thierry Carrez wrote:
 No miracle here... All slots are pretty full as expected. I think our
 best bet is still the 30-min morning break on Wednesday or Thursday at
 10:30am.

Would finding an available room for an hour sometime on Monday make
sense instead? Since we don't have design sessions that day, it
might make it easier to collect some majority of interested ATCs for
longer than we can cram into a 30-minute break. On the other hand it
will potentially conflict with some other operations and general
conference stuff, so we end up leaving out people who might be doing
those things instead...
-- 
Jeremy Stanley

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-03-31 Thread Clint Byrum
Excerpts from Jeremy Stanley's message of 2014-03-31 13:03:28 -0700:
 On 2014-03-31 10:55:06 +0200 (+0200), Thierry Carrez wrote:
  No miracle here... All slots are pretty full as expected. I think our
  best bet is still the 30-min morning break on Wednesday or Thursday at
  10:30am.
 
 Would finding an available room for an hour sometime on Monday make
 sense instead? Since we don't have design sessions that day, it
 might make it easier to collect some majority of interested ATCs for
 longer than we can cram into a 30-minute break. On the other hand it
 will potentially conflict with some other operations and general
 conference stuff, so we end up leaving out people who might be doing
 those things instead...

Would it be entirely out of line to take a portion of an infra-team
session to do this? A lot of keys can be signed in 30 minutes.

* You will have the most important people in the WoT for OpenStack in
  that room. This will ensure that the signing is extremely relevant.
* The projection method will be available.
* This seems relevant to OpenStack development infrastructure.

If not, then taking over a session room directly after any day of the
event has been the most successful strategy I've seen at open source
conferences. It needs to be relatively soon after everything ends so that
people can still get to their respective plans.

If we can't commandeer a session, I'll go down the path of contacting
the conference/summit organizers to see if that is possible.

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-03-30 Thread Thomas Goirand
On 03/30/2014 10:00 AM, Mark Atwood wrote:
 Hi!
 
 Are there plans for a PGP keysigning party at the Juno Summit in
 Atlanta, similar to the one at the Icehouse summit in Hong Kong?
 
 Inspired by the URL at
 https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Icehouse_Summit
 I looked for 
 https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit
 to discover that that wiki page does not yet exist and I do not have
 permission to create it.
 
 ..m

If there's none, then we should do one.

One thing about last key signing party, is that I didn't really like the
photocopy method. IMO, it'd be much much nicer to use a file, posted
somewhere, containing all participant fingerprints. To check for that
file validity, together, we check for its sha256 sum (someone say it out
loud, while everyone is checking for its own copy). And everyone,
individually, checks for its own PGP fingerprint inside the file. Then
we just need to validate entries in this file (with matching ID documents).

Otherwise, there's the question of the trustability of the photocopy
machine and such... Not that I don't trust Jimmy (I do...)! :)

Plus having a text file with all fingerprints in it is more convenient:
you can just cut/past the whole fingerprint and do gpg --recv-keys at
once (and not just the key ID, which is unsafe because prone to
brute-force). That file can be posted anywhere, provided that we check
for its sha256 sum.

I would happily organize this, if someone can find a *quite* room with
decent network. Who can take care of the place and time?

Of course, We will need need the fingerprints of every participant in
advance, so the wiki page would be useful as well. I therefore created
the wiki page:
https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit

Please add yourself. We'll see if I can make it to Atlanta, and organize
something later on.

Cheers,

Thomas Goirand (zigo)


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-03-30 Thread Clint Byrum
Excerpts from Thomas Goirand's message of 2014-03-29 23:32:55 -0700:
 On 03/30/2014 10:00 AM, Mark Atwood wrote:
  Hi!
  
  Are there plans for a PGP keysigning party at the Juno Summit in
  Atlanta, similar to the one at the Icehouse summit in Hong Kong?
  
  Inspired by the URL at
  https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Icehouse_Summit
  I looked for 
  https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit
  to discover that that wiki page does not yet exist and I do not have
  permission to create it.
  
  ..m
 
 If there's none, then we should do one.
 
 One thing about last key signing party, is that I didn't really like the
 photocopy method. IMO, it'd be much much nicer to use a file, posted
 somewhere, containing all participant fingerprints. To check for that
 file validity, together, we check for its sha256 sum (someone say it out
 loud, while everyone is checking for its own copy). And everyone,
 individually, checks for its own PGP fingerprint inside the file. Then
 we just need to validate entries in this file (with matching ID documents).
 
 Otherwise, there's the question of the trustability of the photocopy
 machine and such... Not that I don't trust Jimmy (I do...)! :)
 

If we follow either of these methods:

http://keysigning.org/methods/sassaman-efficient
http://keysigning.org/methods/sassaman-projected

Then everyone should bring their own copy of the file. Note that this
implies that one is using their own trusted equipment to do this or
verifying painfully that nothing has been altered during that process.

So it is important that we socialize this and have people ready _before_
the summit, so they can print at home. The point is, users should still
_print it themselves_ to avoid a mass compromise of the key signing
process at the time of duplication/printing.

Now, having somebody else print the lists is fine as long as you have key
owners look at your copy and verify the fingerprint on your list. This is
_extremely_ inefficient compared to the Sassaman Efficient protocol, but
it works o-k for small groups, as the person can verify your list while
you're verifying their government ids, and you can do the same for them.

I would suggest making these photocopies on an odd color of paper so
that key owners can know to ask for the list to verify it, rather than
letting unknowing lazy signers get away with trusting the photocopy.

 Plus having a text file with all fingerprints in it is more convenient:
 you can just cut/past the whole fingerprint and do gpg --recv-keys at
 once (and not just the key ID, which is unsafe because prone to
 brute-force). That file can be posted anywhere, provided that we check
 for its sha256 sum.
 
 I would happily organize this, if someone can find a *quite* room with
 decent network. Who can take care of the place and time?
 

There is zero network necessary for the party. In fact it is sort of
discouraged, as having network would distract from the single-minded
and very social purpose of the party. Or are you requesting a room to
do the list creation?

 Of course, We will need need the fingerprints of every participant in
 advance, so the wiki page would be useful as well. I therefore created
 the wiki page:
 https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit
 

Thanks!!

 Please add yourself. We'll see if I can make it to Atlanta, and organize
 something later on.
 

Done. I'm happy to pick up facilitation of this process if you can't
make it.

 Cheers,
 
 Thomas Goirand (zigo)
 

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-03-30 Thread Jeremy Stanley
On 2014-03-30 09:05:51 -0700 (-0700), Clint Byrum wrote:
[...]
 Now, having somebody else print the lists is fine as long as you
 have key owners look at your copy and verify the fingerprint on
 your list. This is _extremely_ inefficient compared to the
 Sassaman Efficient protocol, but it works o-k for small groups, as
 the person can verify your list while you're verifying their
 government ids, and you can do the same for them.
[...]

I completely agree, but I didn't have information disseminated far
enough in advance last time and had to punt by printing a stack
myself.

This was entirely my fault--the original idea was that for the
Icehouse summit we'd jump-start our WoT by trading signatures
between members of the Release Cycle Management and Infrastructure
programs, and then involve the wider development community during
the Juno summit. When requests to do something more formal sprang up
shortly beforehand, I ended up making a course correction with
little time for proper planning. We can, and will, do better!
-- 
Jeremy Stanley

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] PGP keysigning party for Juno summit in Atlanta?

2014-03-30 Thread Jeremy Stanley
On 2014-03-30 14:32:55 +0800 (+0800), Thomas Goirand wrote:
[...]
 One thing about last key signing party, is that I didn't really
 like the photocopy method.
[...]

Nor did I, but it was a last-minute production since I didn't expect
the majority of attendees to bring cards with their own key
fingerprints because they don't (yet) operate in circles where
keysigning is commonplace. There are much better methods for
high-volume KSPs (Clint links to my favorites in his message later
in the thread, so I won't) and we should use one of those this time.
-- 
Jeremy Stanley

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev