[FOSDEM] Help signing GPG keys for the first time

Marco Cavallini [KOAN] m.cavallini at koansoftware.com
Wed Feb 11 17:11:58 CET 2009


Hello,
I'm a keysigning paty newbie and I was'nt able to find a really useful
document about this last phase in the net or in the FOSDEM website.

I read "When you're back home" chapter in http://ksp.mdcc.cx/ but is not
enough clear to me.

I extracted list of keyIDs from ksp-fosdem2009.txt, then left only ones
to be signed.
For example if my own key was:

196  [ ] Fingerprint OK        [ ] ID OK
pub   1024D/3819854E 2007-02-17 [expires: 2012-02-17]
  Key fingerprint = BD5C 7C6B 7366 62F4 6B2F  6293 81E7 D586 3819 854E
uid Marco Cavallini (KOAN Software) <m.cavallini [AT] koansoftware.com>
--------------------------------------------------------------------------------


I keeped only Key fingerprint lines like this:

BD5C 7C6B 7366 62F4 6B2F  6293 81E7 D586 3819 854E

I did this for each verified ID.

QUESTION 1: is this correct?


Then I tested with

 caff --no-sign --no-export-old --mail no "`cat ksp-test.txt`"

It seems working, but before flooding keysigning party with dirty mail,
I would get a hint from someone more experienced with this topic.


QUESTION 2: In order to send signed keys do I have to set
$CONFIG{’mailer-send’}  option in .caffrc ?
Anybody could share a working .caffrc example ?


QUESTION 3: at this point what command do I have to do?
Maybe this?

  caff --no-export-old --mail yes "`cat ksp-test.txt`"


Any hint would be greatly appreciated.

--
Marco Cavallini



More information about the FOSDEM mailing list