[Scummvm-devel] Exchanging GPG resp. PGP keys

Max Horn max at quendi.de
Mon Feb 14 22:52:46 CET 2011


Hi folks,

it would be really nice if we had a reliable "web of trust" built from cross-signed GPG keys (if you are not familiar with GPG / GnuPG or PGP, then read here: <http://en.wikipedia.org/wiki/GNU_Privacy_Guard> or here <http://en.wikipedia.org/wiki/Pretty_Good_Privacy>.

One of the motivations for this is that GIT integrates with this, and we could mark certain releases as officially approved by signing them using a GPG key. Also, for certain internal communications (such as emailing passwords around and sensitive discussions) it would be beneficial to have encrypted and signed communication...


Right now, Sven / DrMcCoy and me have met in person and exchange and cross-signed our GPG keys. It would be good to extend that to more team members. You can find my key here: <http://gpg-keyserver.de/pks/lookup?search=max%40quendi.de&op=vindex>.

Unfortunately, it will be rather difficult for most of us to meet in person. Still, maybe we could at least exchange GPG keys, so that if any of us runs into another, we then have everything ready to verify identities and exchange key fingerprints. (I recently met Willem and missed that chance, and likewise with Eugene and Joost when I met them at google two years ago).

I am not sure what the best way is to organize a key exchange; maybe we should just collect these keys on a Wiki page (I know it can be tampered with; the point is not to prevent that, though, just to make it easy to pick up the keys; verifying that they are correct is a separate step anyway).

Anyway... this would also be yet another excuse for a ScummVM developer meet up. Maybe not a worldwide one, but perhaps the folks in central europe could at least meet ... ? :)


Further suggestions on this are welcome!

Cheers,
Max
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 195 bytes
Desc: Signierter Teil der Nachricht
URL: <http://lists.scummvm.org/pipermail/scummvm-devel/attachments/20110214/1a4bfe3b/attachment.sig>


More information about the Scummvm-devel mailing list