View on GitHub

EU FOSSA Hackathons

Apache Hackathon 2019

PGP Key signing

Since many Apache commiters attended the event, it was the perfect opportunity to have a PGP keysigning party. For many attendees not part of the Apache community this was the first time they attendend or even heard of such event.

Open source communities like Apache rely on asymetric cryptography for building trust in communication and software releases. Private and public key crypto, the Web of trust and PGP can be a quite complex technology for people not used to it but experienced Apache commiters did a good job explaining and helping others to understand and being part of this.

At the second day many people submitted their keys and they gathered to prove each others identity. The process of doing it and the list of keys was already explained and prepared during the event in this page. It worked very well and was kind of fun for the participants.

The PGP signing was just another part of the hackathon where everybody could learn how open source works and security and trust is created at globally distributed open source communites.