With Module::Signature it would make more sense than ever if the Perl community got a good web of trust built.
The most productive thing, of course, would be if someone organized a keysigning event, but I suspect it's too late for that this year. (There's a keysigning page on the OSCON wiki).
But even then I'd like to sign some keys and get my key signed. If you are going to be at OSCON and want to try, then do this:
- Email me your fingerprint and your public key
- Write down my key fingerprint on a piece of paper or your laptop
- Find me at the conference and we'll confirm identify and key finger print and make a note of it
- Later we'll sign each others keys and email them back.
If you don't already have a key, you can generate one like this
gpg --gen-key
If you have to be ready to keep this key, and keep it safe for years! You might want to add an expiration date to your key so it will expire in a couple of years.
To export your key data and your public key:
gpg --fingerprint KEYID/userid
gpg --export -a KEYID/userid</tt>
Further reading: ApacheCon 2003 keysigning.GnuPG Keysigning Party HOWTO.
This is my key:
pub 1024R/62C48B29 1996-01-22 Ask Bjoern Hansen <ask@develooper.com>
Key fingerprint = DE E6 00 0E B2 45 44 5C 1F FB 38 94 06 3A 0E B4
uid Ask Bjoern Hansen <ask@netcetera.dk>
uid Ask Bjoern Hansen <ask@plys.net>
uid Ask Bjoern Hansen <ask@perl.org>
uid Ask Bjoern Hansen <ask@apache.org>