[SGVLUG] Who wants to be the President... (was Proof of LUGmembership])

Wed Mar 29 12:15:56 PST 2006

On 3/29/06, Dustin Laurence <dustin at dogbert.laurences.net> wrote:
> On Wed, Mar 29, 2006 at 11:08:00AM -0800, Emerson, Tom wrote:
>
> > (at best, Mike is and I was the "moderator" -- I think David has claimed
> > the title of press relations, or at the very least doesn't mind taking
> > the point on this...)
>
> Huh.  If we really had to have one, Matti might be the right candidate.
> Though he's absent more often these days....
>
> > Newsletter?  We have a newsletter?  That's news to me! :)
>
> Of course we have a news letter.  This month's is "R".
>
> > > could create a LUG PGP key, but it's hard to see how you
> > > would verify that the public key is valid.
> >
> > Not a bad idea -- we could create said key at next month's meeting (as a
> > bit of "show and tell" on how to do pgp keys) and have anyone/everyone
> > in attendance sign it with their key (and reciprocally sign theirs as
> > well).
>
> Yeah, actually I think that's a good idea, because it creates an example
> and gives us a central node in the web of trust all in one go.
> Interesting issue, though--how does someone check the credentials of the
> SGVLUG key?  It doesn't have gubmint ID.  I guess all those present who
> witnessed the key creation can sign in good faith, but what about next
> month?
>
> I guess you'd check the credentials of the LUG keymaster (er, but how do
> you know they are the keymaster)?  We'd need a "keymaster" then.  More
> titles!  But I forget--does the keymaster get to kiss Sigourney Weaver
> or is she the keymaster and I'm thinking of the gatekeeper.  (Boy, does
> that joke date me.)
>
> You know, we *do* need a gatekeeper.  That would be the person who
> maintains the "open the door please" button or otherwise makes sure we
> can get into the building.
>
> Maybe we can waive the keymaster/gatekeeper kiss and just go straight to
> the scene where Sigourney is floating above the bed. :-)
>
> > ...The fact that the lug's key is signed by so many lends credence
> > to it's validity, and anyone signed by that key would be a defacto
> > "member".
>
> Oh, sure, it would work fine for us, I was just thinking that it's
> meaningless for the LDS.  I could just as easily create a key myself and
> claim it's the SGVLUG key, and they'd never know the difference.  It
> might even be true if I then offered to be the LUG keymaster after the
> fact. :-)
>
> > ...(or I suppose we could make a signed list available as
> > appropriate -- probably just by name only as people tend to be skittish
> > about easily accessed lists of e-mail addresses...)
>
> GPG will generate a list of keys that have been signed, won't it?
> That's the list--key descriptions and fingerprints.
>
> What about getting the LUG webserver a CACert signature while we're at
> it?

I am not sure but I think that CACert assures a person not a loose
group of Linux people.
But if we generated a GPG key public/private key pair and put the
public key on the website and the signed people's keys you could then
check against the publicly available key.

But it would require a someone to sign the keys on request, with SGVLUG's key.