Presented by:

Johannes Segitz

from SUSE

Security engineer at SUSE.

Since my time as a teenager in the 90s I was interested in IT security. After visiting my first CCC congress I got hooked and never looked back. In the last ten years I am a member of the SUSE security team and try to make open source software more secure.

No video of the event yet, sorry! Meanwhile...

At this event we would like to offer the opportunity to get your key signed by other openSUSE contributors. Some of our SUSE employees have very well connected GPG keys, don't miss this opportunity.

NO SUBMISSIONS ARE POSSIBLE ANYMORE, SORRY.

Keylist: ftp://ftp.suse.com/pub/projects/security/osc2016/keylist.txt Signature: ftp://ftp.suse.com/pub/projects/security/osc2016/keylist.txt.asc

Here's what you have to do with this file:

(0) Verify that the key-id and the fingerprint of your key(s) on this list match with your expectation.

(1) Print this UTF-8 encoded file to paper. Use e.g. paps(1) from http://paps.sf.net/.

(2) Compute this file's RIPEMD160 and SHA256 checksums.

gpg --print-md RIPEMD160 keylist.txt gpg --print-md SHA256 keylist.txt

(3) Fill in the hash values on the printout.

(4) Bring the printout, a pen, and proof of identity to the keysigning event. You may find it useful to make a badge stating the number(s) of your key(s) on this list and the fact that you verified the fingerprints of your own key(s). Also provide a place to mark that your hashes match. e.g. +----------------------------+ | I am number 001 | | My key-id & fingerprint: ☑ | | The hashes: ☐ | +----------------------------+

Be on time (2016-06-24 14:00 in the Hacker Room) to actually verify the hashes as they are announced!

Usually I shouldn't publish the hash values before the event to prevent people from just taking them from this mail and not computing them themselves. But we had some problems last year with mail clients mangling the attachments, which lead to non-matching hash values. So I'll publish the beginning of the RIPEMD160 hash: keylist.txt: A0AC F9EF DD99 97BC 484D (...) If you don't have that for keylist.txt, then your mail client screwed up.

Regarding proof of identity: During our last keysigning party we had some ID documents that were quite old (so you used to be quite the heavy metal guy 20 years ago, but now broken by life and without hair it's hard to recognize you), hard to read etc. In such a case it doesn't hurt to bring additional documents, otherwise more security conscious people might not sign you key.

Looking forward to seeing you there

Date:
2016 June 24 - 14:00
Duration:
1 h 30 min
Room:
Hacker Room
Language:
Track:
Community & Project
Difficulty:
Easy

Happening at the same time:

  1. Getting started with Docker
  2. Start Time:
    2016 June 24 12:00

    Room:
    Seminarraum 2

  3. How to bring SUSE/Linux to school!
  4. Start Time:
    2016 June 24 13:30

    Room:
    Seminarraum 1

  5. Scaling your logging infrastructure with syslog-ng
  6. Start Time:
    2016 June 24 13:30

    Room:
    Roter Salon

  7. Kolab Summit 2.0 - Niche Markets
  8. Start Time:
    2016 June 24 14:00

    Room:
    Galerie

  9. uEFI grub2 on Raspberry Pi
  10. Start Time:
    2016 June 24 14:00

    Room:
    Saal

  11. Let openQA test you own stuff
  12. Start Time:
    2016 June 24 14:30

    Room:
    Saal

  13. openSUSE Backports
  14. Start Time:
    2016 June 24 14:30

    Room:
    Seminarraum 1

  15. A Guided Tour of Machinery
  16. Start Time:
    2016 June 24 15:00

    Room:
    Galerie

  17. Improve the quality of Plasma with Wayland
  18. Start Time:
    2016 June 24 15:00

    Room:
    Saal

  19. Disk encryption
  20. Start Time:
    2016 June 24 15:00

    Room:
    Roter Salon

  21. LinuxTag-style hacking contest
  22. Start Time:
    2016 June 24 15:00

    Room:
    Seminarraum 2

  23. Configuration Management in Production
  24. Start Time:
    2016 June 24 15:00

    Room:
    Seminarraum 1