blob: 49cbf96fcf5fca28893e5c81843c31c30dd3cdf3 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
#use wml::debian::template title="Step 2: Identification" NOHEADER="true"
#include "$(ENGLISHDIR)/devel/join/nm-steps.inc"
<p>The information on this page, while public, will primarily
be of interest to future Debian developers.</p>
<h2>Step 2: Identification</h2>
<h3>Why OpenPGP?</h3>
<p>Debian makes extensive use of OpenPGP because <a
href="newmaint#Member">Debian members</a> are located all over the world
(see the <a href="$(DEVEL)/developers.loc">developer locations</a>) and rarely
meet each other in person. This means trust cannot be built up by
personal contact and other means are necessary. All Debian developers
are identified by their <a href="https://openpgp.org/">OpenPGP</a>
key. These keys make it possible to authenticate messages and
other data by signing it. For more information on OpenPGP keys
see the README file in the <code>debian-keyring</code> package.</p>
<h3>Providing a key</h3>
<p>Each <a href="newmaint#Applicant">Applicant</a> must provide an
OpenPGP version 4 public key with encryption capabilities. The
preferred way to do this is to export it to one of the public key
servers, such as <tt>keys.openpgp.org</tt>.
Public keys can be exported using:</p>
<pre>
gpg --send-key --keyserver <server address> <yourkeyid>
</pre>
<p>If your key has no encryption capability, you can simply add
an encryption subkey.</p>
<p>See <a href="https://keyring.debian.org/">keyring.debian.org</a>
for more information on key formats and properties.</p>
<h3>Verification</h3>
<p>Since anyone can upload a public key to the servers it needs
to be verified that the key belongs to the Applicant.</p>
<p>To accomplish this the public key itself must be signed by two other
<a href="newmaint#Member">Debian members</a>. Therefore the
Applicant must meet this Debian member in person and must
identify himself (by providing a passport, a driver's license
or some other ID).</p>
<h4><a name="key_signature">How to get your OpenPGP key signed</a></h4>
<p>There are several ways to find a Debian member for a key
exchange. You should try them in the order listed below:</p>
<ol>
<li>Announcements of key signing parties are usually posted on the
<code>debian-devel</code> mailing list, so check there first.</li>
<li><p>You can look for developers in specific areas through the <a
href="https://wiki.debian.org/Keysigning">key signing coordination page</a>:</p>
<ul>
<li>First you should check the list of key signing offers for a Debian
member near you.</li>
<li>If you cannot find a Debian member among the key signing offers,
you can register your key signing request.</li>
</ul>
</li>
<li>If no one has reacted to your request for several weeks, send an
e-mail to <email debian-private@lists.debian.org> telling them exactly
where you live (plus naming some big cities close to you),
then they can check in the developer database for developers who are
near you.</li>
</ol>
<p>Once you find someone to sign your key, you should follow the steps
in the <a href="$(HOME)/events/keysigning">Keysigning Mini-HOWTO</a>.</p>
<p>It is recommended that you also sign the Debian Developer's
key. This is not necessary for your ID check but it strengthens the
web of trust.</p>
<h4>When you can't get your key signed</h4>
<p>If all of the steps above fail, please contact the
<a href="newmaint#FrontDesk">Front Desk</a> and ask for help. They may
offer you an alternate way of identification.</p>
<hr>
#include "$(ENGLISHDIR)/devel/join/nm-steps.inc"
|
