Developer / TU key signing, first master key available
Hello developers / TUs,
My Arch master key is available at [1] with fingerprint 6841 48BB 25B4
9E98 6A49 44C5 5184 252D 824B 18E8.
Every packager, please do the following:
1) Reply to this email to thomas@master-key.archlinux.org and fully
quote this email. Include your gerolde/sigurd username in the email.
Sign your reply using your GPG key.
2) Upload your public key (gpg --armor --export $KEYID) to your home
directory on gerolde/sigurd under the name $HOME/arch-linux-packager-key.
3) Name at least one package in the repositories already signed with
your key.
Sadly, this process will only prove that you are in posession of the ssh
key to upload packages into the repositories. I will contact you
personally afterwards if I need further identification.
Please note: there are be 5 master key holders (Allan, Dan, Pierre,
Ionut, me), and you need at least 3 signatures on your key so your
packages will be trusted by pacman.
Developer / TU key signing, first master key available
On Wed, Nov 23, 2011 at 10:12 AM, Pierre Schmitz <pierre@archlinux.de> wrote:
> Hi all,
>
> here is a little status update. So far I have issued 67 signatures in
> total for 36 Developers and Trusted Users. 10 people haven't reported
> back and another 11 haven't even managed to publish their key yet.
>
> I created a graph of our web of trust as it looks now (using sig2dot;
> thanks Dan):
> *https://users.archlinux.de/~pierre/tmp/sigs.png
What happened to the colors?
-Dan
11-23-2011, 09:09 PM
Marek Otahal
Developer / TU key signing, first master key available
On Wednesday 23 of November 2011 17:12:44 Pierre Schmitz wrote:
> I created a graph of our web of trust as it looks now (using sig2dot;
> thanks Dan):
> https://users.archlinux.de/~pierre/tmp/sigs.png
I'm not sure how the graph should work, but it shows eg. Thomas B. three times!
--
Marek Otahal )
11-25-2011, 02:58 PM
Jelle van der Waa
Developer / TU key signing, first master key available
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 19/11/11 15:38, Thomas Bächler wrote:
> Hello developers / TUs,
>
> My Arch master key is available at [1] with fingerprint 6841 48BB
> 25B4 9E98 6A49 44C5 5184 252D 824B 18E8.
>
> Every packager, please do the following: 1) Reply to this email to
> thomas@master-key.archlinux.org and fully quote this email. Include
> your gerolde/sigurd username in the email. Sign your reply using
> your GPG key. 2) Upload your public key (gpg --armor --export
> $KEYID) to your home directory on gerolde/sigurd under the name
> $HOME/arch-linux-packager-key. 3) Name at least one package in the
> repositories already signed with your key.
>
> Sadly, this process will only prove that you are in posession of
> the ssh key to upload packages into the repositories. I will
> contact you personally afterwards if I need further
> identification.
>
> Please note: there are be 5 master key holders (Allan, Dan,
> Pierre, Ionut, me), and you need at least 3 signatures on your key
> so your packages will be trusted by pacman.
>
> Regards Thomas
>
> [1]
> https://dev.archlinux.org/~thomas/thomas_AT_master-key.archlinux.org.asc
>
1)
>
Sigurd username: jelle
3) Package signed: mashup, guifications, gcc-avr, openttd-opengfx
- --
Jelle van der Waa
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
Developer / TU key signing, first master key available
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
1)
My sigurd username: arodseth
Fully quoted email:
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
- --------------enigB712A60E69DF712BED1984DD
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: quoted-printable
Hello developers / TUs,
My Arch master key is available at [1] with fingerprint 6841 48BB 25B4
9E98 6A49 44C5 5184 252D 824B 18E8.
Every packager, please do the following:
1) Reply to this email to thomas@master-key.archlinux.org and fully
quote this email. Include your gerolde/sigurd username in the email.
Sign your reply using your GPG key.
2) Upload your public key (gpg --armor --export $KEYID) to your home
directory on gerolde/sigurd under the name $HOME/arch-linux-packager-key.=
3) Name at least one package in the repositories already signed with
your key.
Sadly, this process will only prove that you are in posession of the ssh
key to upload packages into the repositories. I will contact you
personally afterwards if I need further identification.
Please note: there are be 5 master key holders (Allan, Dan, Pierre,
Ionut, me), and you need at least 3 signatures on your key so your
packages will be trusted by pacman.
Developer / TU key signing, first master key available
Am 19.11.2011 15:38, schrieb Thomas Bächler:
> Hello developers / TUs,
>
> My Arch master key is available at [1] with fingerprint 6841 48BB 25B4
> 9E98 6A49 44C5 5184 252D 824B 18E8.
>
> Every packager, please do the following:
> 1) Reply to this email to thomas@master-key.archlinux.org and fully
> quote this email. Include your gerolde/sigurd username in the email.
> Sign your reply using your GPG key.
> 2) Upload your public key (gpg --armor --export $KEYID) to your home
> directory on gerolde/sigurd under the name $HOME/arch-linux-packager-key.
> 3) Name at least one package in the repositories already signed with
> your key.
>
> Sadly, this process will only prove that you are in posession of the ssh
> key to upload packages into the repositories. I will contact you
> personally afterwards if I need further identification.
>
> Please note: there are be 5 master key holders (Allan, Dan, Pierre,
> Ionut, me), and you need at least 3 signatures on your key so your
> packages will be trusted by pacman.
>
> Regards
> Thomas
>
> [1] https://dev.archlinux.org/~thomas/thomas_AT_master-key.archlinux.org.asc
Please note: There are many TUs (and some devs) that didn't reply to
this request yet. There are even TUs that replied to the other master
key holders, but not me.
Please be aware that you have to contact all master key holders
separately in the way stated in the request. It is not sufficient to
reply just one of them!
Also be aware that after some transition time, gerolde and sigurd will
check your signature on db-update, and WILL REJECT THE PACKAGE IF YOUR
KEY IS NOT TRUSTED. Therefore, completing the key submission to the
master key holders is non-optional!
When replying, please make sure that "thomas@master-key.archlinux.org"
is included in the "To:" field of your email (otherwise I will probably
miss the mail). If you fail to configure your mail client for signing
emails, please write the text into a plaintext file, sign it, and attach it.
11-29-2011, 03:31 PM
Thomas Dziedzic
Developer / TU key signing, first master key available
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA1
Am 19.11.2011 15:38, schrieb Thomas Bächler:> Hello developers /
TUs,>> My Arch master key is available at [1] with fingerprint 6841
48BB 25B4> 9E98 6A49 *44C5 5184 252D 824B 18E8.>> Every packager,
please do the following:> 1) Reply to this email to
thomas@master-key.archlinux.org and fully> quote this email. Include
your gerolde/sigurd username in the email.> Sign your reply using your
GPG key.> 2) Upload your public key (gpg --armor --export $KEYID) to
your home> directory on gerolde/sigurd under the name
$HOME/arch-linux-packager-key.> 3) Name at least one package in the
repositories already signed with> your key.>> Sadly, this process will
only prove that you are in posession of the ssh> key to upload
packages into the repositories. I will contact you> personally
afterwards if I need further identification.>> Please note: there are
be 5 master key holders (Allan, Dan, Pierre,> Ionut, me), and you need
at least 3 signatures on your key so your> packages will be trusted by
pacman.>> Regards> Thomas>> [1]
https://dev.archlinux.org/~thomas/thomas_AT_master-key.archlinux.org.asc
1) tdziedzic on sigurd2) done3) nodejs in community-----BEGIN PGP
SIGNATURE-----Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBAgAGBQJO1Qh/AAoJEH+xo4AMhMCl50EQAI2fpOSLiTXASaEHlAOHXmgKmCkkJy O5dqJVH5yeofhmWd4hERcu8qQfqTSB87GJw0DeFRN5C5FDS8zx ZbLsayyvfrVgiHtA14g3aKzjDKRfEQzbqMDSqTT2+kMsokTfdl Z3tf0ssyRWSvAdaHY1KIJ8wZ6TQc0LkfOtdLAg/p+6FX1RUxCncmVJnewCjuSdeknn6s6riGmoaWD7j80oc9Ggnwd Y2JyipG4i6iecyLFOleVItwWPLneoBJsmct+DoBbfKQQtJjtUn n9ou9X0TYHFOgfYIoco7KmPFAD/MTpGOGrglLs0369lZtgBzCfOxutVoUePTbqsFuCtZocgf1quT8 yw5le1a2oO6valzRUefBgYAz+NoNPB4FKclAKanPVKOfnSTO0t VJHgieccwbjzT5MguH+Q44k+D3RKE9Q7yv+i9+zl3tvNLZaGza bup3+C/70fXuruZ3jy2pLNyvJcFEq99TCzGBIudQmJ00zhFcQLwvbEgBo/AzQlCn/H5+fYapuqYki/WLviHSTSMXzQMX0fVUBLoszYrAjTJ1Ds793mQM/A5nU8ERjUNVEXJ3BadckDSCBOqVn72OwjxHBTkLeKFlKU66shz 7m8LhJM6Nx1DWIB+PB/aJ1xmnhCn2+91jl2T8tmKIq2YNelolXw4U8F4IMpHvBbkASZSx v4=+eik-----END
PGP SIGNATURE-----
12-01-2011, 02:05 PM
Peter Lewis
Developer / TU key signing, first master key available
On Monday 28 Nov 2011 15:12:53 Thomas Bächler wrote:
> Please note: There are many TUs (and some devs) that didn't reply to
> this request yet.
Sorry - I haven't replied to any yet and won't get a chance to until the
weekend. Hope that doesn't delay anything... :-)
12-05-2011, 01:44 AM
Daenyth
Developer / TU key signing, first master key available
Note that I added the reply also as an attachment in case my email
body gets changed by gmail..
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sat, Nov 19, 2011 at 09:38, Thomas Bächler <thomas@archlinux.org> wrote:
> Hello developers / TUs,
>
> My Arch master key is available at [1] with fingerprint 6841 48BB 25B4
> 9E98 6A49 44C5 5184 252D 824B 18E8.
>
> Every packager, please do the following:
> 1) Reply to this email to thomas@master-key.archlinux.org and fully
> quote this email. Include your gerolde/sigurd username in the email.
> Sign your reply using your GPG key.
> 2) Upload your public key (gpg --armor --export $KEYID) to your home
> directory on gerolde/sigurd under the name $HOME/arch-linux-packager-key.
> 3) Name at least one package in the repositories already signed with
> your key.
>
> Sadly, this process will only prove that you are in posession of the ssh
> key to upload packages into the repositories. I will contact you
> personally afterwards if I need further identification.
>
> Please note: there are be 5 master key holders (Allan, Dan, Pierre,
> Ionut, me), and you need at least 3 signatures on your key so your
> packages will be trusted by pacman.
>
> Regards
> Thomas
>
> [1] https://dev.archlinux.org/~thomas/thomas_AT_master-key.archlinux.org.asc
>
My usernname is (surprisingly) Daenyth on sigurd.
Signed Packages: tremulous
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
On Sat, Nov 19, 2011 at 09:38, Thomas Bächler <thomas@archlinux.org> wrote:
> Hello developers / TUs,
>
> My Arch master key is available at [1] with fingerprint 6841 48BB 25B4
> 9E98 6A49 44C5 5184 252D 824B 18E8.
>
> Every packager, please do the following:
> 1) Reply to this email to thomas@master-key.archlinux.org and fully
> quote this email. Include your gerolde/sigurd username in the email.
> Sign your reply using your GPG key.
> 2) Upload your public key (gpg --armor --export $KEYID) to your home
> directory on gerolde/sigurd under the name $HOME/arch-linux-packager-key.
> 3) Name at least one package in the repositories already signed with
> your key.
>
> Sadly, this process will only prove that you are in posession of the ssh
> key to upload packages into the repositories. I will contact you
> personally afterwards if I need further identification.
>
> Please note: there are be 5 master key holders (Allan, Dan, Pierre,
> Ionut, me), and you need at least 3 signatures on your key so your
> packages will be trusted by pacman.
>
> Regards
> Thomas
>
> [1] https://dev.archlinux.org/~thomas/thomas_AT_master-key.archlinux.org.asc
>
My usernname is (surprisingly) Daenyth on sigurd.
Signed Packages: tremulous
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Developer / TU key signing, first master key available
> Hello developers / TUs,
>
> My Arch master key is available at [1] with fingerprint 6841 48BB
> 25B4 9E98 6A49 44C5 5184 252D 824B 18E8.
>
> Every packager, please do the following: 1) Reply to this email to
> thomas at master-key.archlinux.org and fully quote this email. Include
> your gerolde/sigurd username in the email. Sign your reply using
> your GPG key. 2) Upload your public key (gpg --armor --export
> $KEYID) to your home directory on gerolde/sigurd under the name
> $HOME/arch-linux-packager-key. 3) Name at least one package in the
> repositories already signed with your key.
>
> Sadly, this process will only prove that you are in posession of
> the ssh key to upload packages into the repositories. I will
> contact you personally afterwards if I need further
> identification.
>
> Please note: there are be 5 master key holders (Allan, Dan,
> Pierre, Ionut, me), and you need at least 3 signatures on your key
> so your packages will be trusted by pacman.
>
> Regards Thomas
>
> [1]
> https://dev.archlinux.org/~thomas/thomas_AT_master-key.archlinux.org.asc
>
Developer / TU key signing, first master key available
)
