Versions Compared

Old Version 4

changes.mady.by.user Chris Wilper

Saved on

compared with

New Version 5

changes.mady.by.user Chris Wilper

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

To enable people to find your public key, you should publish it to a well-known keyserver.  This is a simple command with gpg:unmigrated-wiki-markup

Code Block

gpg

...

--send-key

...

[yourKeyID]

...where yourKeyID is the last 8 digits of your public key fingerprint.keyID\]

This will upload your public key to a well-known keyserver, which will then trigger other connected keyservers to get a copy.  Afterward, you can verify the general availability of your public key by searching for your name in one of the keyservers in the SKS network.

3. Publish Your Key Fingerprint

Add your fingerprint to this wiki pagethe Dev People page.

4. Sign Others Committers' Keys

For each fingerprint on the Dev People page:

  • Download the key via:
    Code Block
    
gpg --recv-keys [fingerprint]
  • Sign it via:
Code Block

gpg -u [yourKeyID] --sign-key [fingerprint]
  • Upload the signature via:
    Code Block
    
gpg --send-key [fingerprint]

5. Ask Other Committers to Sign Your Key

Email the other committers, notifying them that you've signed their key and uploaded the signature, and they should run:

Code Block

gpg --refresh-keys

...then ask them to sign your key as indicated above.

After they have had a chance to sign your key and upload the signature, you should also do a --refresh-keys so your local web of trust is up to date.

6. Optional: Sign Your Own Key

If you have a key you use for normal communication, you can improve the web of trust by signing your other key with with your code signing key, and vice-versa.