个人工具
登录
查看“UbuntuHelp:UnsignedGpgKey”的源代码 - Ubuntu中文
UbuntuHelp
讨论
查看源代码
历史
搜索
导航
首页
最近更改
随机页面
页面分类
帮助
编辑
编辑指南
沙盒
新闻动态
字词处理
工具
链入页面
相关更改
特殊页面
页面信息
查看“UbuntuHelp:UnsignedGpgKey”的源代码
来自Ubuntu中文
←
UbuntuHelp:UnsignedGpgKey
跳转至:
导航
,
搜索
因为以下原因,你没有权限编辑本页:
您所请求的操作仅限于该用户组的用户使用:
用户
您可以查看与复制此页面的源代码。
{{From|https://help.ubuntu.com/community/UnsignedGpgKey}} {{Languages|UbuntuHelp:UnsignedGpgKey}} == Handling Unsigned GPG Keys == === Background === Ubuntu Maintainers (including MOTU (Masters of the [[UbuntuHelp:AddingRepositoriesHowto|Universe]])) are required to have a GPG key in order to sign and upload their packages. Before being allowed to upload, your GPG key must be verified by acquiring a signature from at least one other GPG user who have met in real life and have confirmed your identity. This person must be part of large group of people called the strongly connected set through which other Ubuntu developers are also all connected. This protects Ubuntu and its users from bad guys who might pose as an Ubuntu developer to upload a trojaned or otherwise nasty package. === The Problem === Some people interested in helping with Ubuntu have keys that have not been signed or keys that are not signed by another key in the strongly connected set. If it is hard to trace a series of signatures (i.e., connections) from you back to someone that the Ubuntu community already trusts, your upload access will be delayed. === Solution #1 === The absolutely ideal solution is to have your key signed in person by someone else in the global strongly connected set. [http://biglumber.com/] has a searchable database of GPG users by location. If you can find someone in your area, confirm with a current Ubuntu member that their signature is acceptable for access to Ubuntu resources, and then you can politely ask that person to exchange keys. Another list: * http://nm.debian.org/gpg_offer.php When you meet to do a keysigning you will need to bring the output of 'gpg --fingerprint youremail@domain.com' printed on paper, as well as a government issue photo ID (passport or drivers license). To get an idea of goes on at a keysiging, read these guidelines (which describe a full-blown party which is probably more complex than what you will do): http://mako.yukidoke.org/keys/keysign.txt === Solution #2 === In situations where you absolutely cannot get a key signed by someone else in the strongly connected set, you will need to demonstrate this to members of the Ubuntu Community Council and Technical Board. If you can convince them that it is impossible to get a signed key, you can have your identity verified differently. To do this, you should print a copy of the Ubuntu Code of Conduct, followed by the output of 'gpg --fingerprint youremail@domain.com'. Take this printout to your friendly local notary, and ask them to validate your signature on this document. This will require at least one form of government issued ID (passport or drivers license). You will then need to snail mail this document - the address will be made available to approved maintainers who are confirmed to require this method by members of the Community Council or Technical Board. ---- [[category:UbuntuHelp]]
该页面使用的模板:
模板:From
(
查看源代码
)
模板:Languages
(
查看源代码
)(受保护)
模板:Languages/Lang
(
查看源代码
)(受保护)
返回至
UbuntuHelp:UnsignedGpgKey
。