Created attachment 13831 [details]
Please change my write-access for Mesa's git-repository to :
E-mail : firstname.lastname@example.org
Real name : Jouk Jansen
Preferred account name : joukj
Created attachment 13832 [details]
ssh public key
Reassigning to account admins.
In order to change your account you need to verify you own it. The joukj account already exists. Are you able to login and put the gpg key listed here in the account? That's good enough for verification.
The loss of the old key, by changing machines is the core problem. If I had not, I could have changed the account myself.
Looks like a chicken and egg problem.
Hmm, quite a problem we have then.
I can't change your account till I can verify who you are.
It appears you've not previously had a gpg associated with your account either so I can't use the web of trust based on your old key.
You'll need to get a few fellow fd.o members to sign your gpg key before I'm happy to update your account.
I apologise if it seems like a bit of overkill just to change your account, but being part of the mesa group gives you access to code that if tampered with would cause quite a bit of damage (though reversable).
Eric / Brian if this request is legit, can you please sign Jouk's new key.
I just got my old laptop working again (with an temporarily external screen).
However on that machine no public gpg key was present (only the ssh-keys). As I remember well all the previous account changes were performed by Eric&Daniel
I have no problem with Jouk's new account.
How do I sign a key?
3.8 How to sign others' keys
Step 1: Get a copy of the key
Normally, you'll be working from a keyserver. However if you are signing the key that is not available on a keyserver, you can use simply import the key with gpg --import. If you are working with a keyserver, the following command will download the key from the keyserver into your public keyring.
bash$ gpg --keyserver <keyserver> --recv-keys <Key_ID>
If you get a read error, it means the keyserver is overloaded. Please, try again in a few seconds.
Step 2: Fingerprint and Verify the key
bash$ gpg --fingerprint <Key_ID>
GPG will print out the fingerprint of the Key with <Key_ID > (the key you just downloaded). Check the fingerprint against the checklist that you where given at the party. Note: Don't check the fingerprint on your checklist against the fingerprint on the web page as the server may not send you the same key it displays on the web page.
Step 3: Sign the key
bash$ gpg --sign-key <Key_ID>
Step 4: Return or Upload the signed key
If you are working with an entity which does not want their key on a public keyserver, you should at this point you should return their signed key back to them by their method of choice - normally encrypted email. You should not send a public key to a keyserver with out the permission of the key's owner. Publicizing a public key slightly reduces the security of a key pair, therefor it is considered rude to make a key more public than its owner desires.
Most likely you are working with a keyserver. If that is the case, you can send the signed key back to the keyserver like this:
bash$ gpg --keyserver <keyserver> --send-key <Key_ID>
You should see a success message like this:
gpg: success sending to `<keyserver>' (status=200)
Congratulations, the signature of the other entity's key is now complete and your signature has been incorporated into their public key. A trust path has been established.
Jouk do you still want this account, Brian confirms you?
I'm in favor of Jouk's account. Still not quite clear on the key signing (I'm totally clueless about that stuff). In the instructions above, is <Key_ID> the pgp key or the ssh public key? And what do I put in for <keyserver>?
You just asked me at the first day of my holidays. I stayed away for over 4 weeks so I could not reply earlier.
Yes I still want the account.
But please wait one or two days so that I have time to check if the "keys" are still valid.
If they are changed, should I send them through this bug-report, directly to anybody or via Brian?
Attach new keys to this bug report please.
Created attachment 18653 [details]
New SSH public key (GPG-key should be allright)
My new SSH public key.
The GPG public key was not changed
Well it's official after 9 months your account has finally been fixed.
I am extremely sorry in the delay about getting this all worked out. Now we have a gpg key, this should never happen in the future.