-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
I’m pleased to announce that I’ve joined the Qubes team in a part-time role as Community Manager. I consider it an honor to have the opportunity to work with such a talented team of individuals and to serve such a dynamic community. As the Community Manager, I’ll primarily be responsible for things like handling user feedback, organizing bug reports, tracking community-developed features, and facilitating community contributions to the codebase. (As with any small project, however, we all wear many hats, so if there’s ever anything Qubes-related I can help you with, please let me know.)
I’ve been active in the Qubes community for several years now under the pseudonym “Axon,” primarily writing documentation and helping to maintain the Qubes website in my spare time as a volunteer (which I plan to continue doing alongside my new role). In joining the Qubes team more officially, however, I’ve decided to retire my pseudonym and to begin using my real identity. I consider myself fortunate to be in a position to make this choice. For me, the decision to use a pseudonym was based primarily on considerations of personal privacy. For many other people around the world, however, pseudonymous and anonymous communication is a matter of life and death. This is one reason that I believe Qubes OS – and especially its partnership with Whonix – is so important: it allows for the secure compartmentalization of these various contextual identities (along with all the other areas of one’s digital life) in ways which would not otherwise be possible. More importantly, however, it freely puts this control in the hands of individual users.
Admittedly, it currently takes a certain kind of user – one who is sufficiently self-motivated and willing to learn – to make full use of Qubes OS. This is something we’re continually working on. By working to make Qubes accessible to a wider user base, we aim to make strong endpoint security available to everyone, regardless of their level of technical expertise. As computers continue to become increasingly integrated with our lives (and our bodies), the importance of secure computing increases proportionately for all of us.
If you’d like to verify my identity, I’d be happy to help. There are three PGP keys you may wish to authenticate:
Key Fingerprint =============================== ================================================== Andrew David Wong (primary) BBAF 910D 1BC9 DDF4 1043 629F BC21 1FCE E9C5 4C53 Axon (retired pseudonym) 746A B6DE 2A02 B5A5 DCBD 3F32 A4EC AE9C 8E97 231E Qubes Documentation Signing Key E11D 15C6 D204 3576 9FFA A456 8CE1 3735 2A01 9A17
You can fetch these keys from my website:
$ gpg --fetch \ https://andrewdavidwong.com/adw.asc \ https://andrewdavidwong.com/axon.asc \ https://andrewdavidwong.com/qubes-doc.asc
Or import them from my keys repo:
$ git clone git://github.com/andrewdavidwong/keys $ gpg --import keys/*
Or retrieve them from a public key server:
$ gpg --recv \ 0xBBAF910D1BC9DDF41043629FBC211FCEE9C54C53 \ 0x746AB6DE2A02B5A5DCBD3F32A4ECAE9C8E97231E \ 0xE11D15C6D20435769FFAA4568CE137352A019A17
Once you have all three keys, you can check that they’ve all been level-3 certified by one another:
$ gpg --check-sigs \ 0xBBAF910D1BC9DDF41043629FBC211FCEE9C54C53 \ 0x746AB6DE2A02B5A5DCBD3F32A4ECAE9C8E97231E \ 0xE11D15C6D20435769FFAA4568CE137352A019A17
Then, you can verify that this post itself has been signed by all three keys. There are several ways to do this. Since this post is a clearsigned message block, the most obvious way is simply to copy it directly from your browser. Start by telling GPG that you’d like to verify something:
$ gpg --verify
Next, copy the signed message block from this page to your clipboard.
(Extraneous text is fine, so you can simply press
ctrl + A to select
all the text on this page, followed by
ctrl + C.) Then, simply paste
it into your terminal emulator and press
ctrl + D. GPG will proceed
to verify the signatures.
Alternatively, you may prefer a clearsigned, plain text version of this post. (Perhaps your browser has rendered the text differently, invalidating the signature, or you simply don’t want to bother with all that copying and pasting.) After downloading and reviewing the file, you can verify it like so:
$ gpg --verify _2016-04-29-community-manager.asc
Or download and verify in a single command:
$ curl https://raw.githubusercontent.com/QubesOS/qubes-posts/master/_2016-04-29-community-manager.asc | gpg --verify
$ gpg --verify _2016-04-29-community-manager.md.sig 2016-04-29-community-manager.md
Or, if you’re feeling adventurous, do it all in a single command:
$ gpg --verify \ <(curl https://raw.githubusercontent.com/QubesOS/qubes-posts/master/_2016-04-29-community-manager.md.sig) \ <(curl https://raw.githubusercontent.com/QubesOS/qubes-posts/master/2016-04-29-community-manager.md)
Then, you can verify the three tags on the commit for this post – each one singed by its respective key:
$ git clone git://github.com/QubesOS/qubes-posts.git $ cd qubes-posts/ $ git verify-tag adw $ git verify-tag axon $ git verify-tag qubes-doc-adw
Finally, you can verify my Qubes Documentation Signing Key signature on the commit itself:
$ git verify-commit `git rev-list -n 1 adw`
With any luck, you’re now convinced that all three keys belong to the same person and that this person is the author of the words you’re reading. For other objects signed by these keys, feel free to check out my signed commits to the Qubes website and documentation repos, my signed emails to the mailing lists, and the proofs available from my Keybase profile.
You’re also welcome to contact me privately (e.g., to request key
authentication through alternative channels). For personal correspondence,
firstname.lastname@example.org functions as both an email address
and an XMPP address. My OTR key fingerprint is:
1A5F4647 4CEEA362 4F740943 D4F40D4F CC1116CB
Please direct all Qubes-specific correspondence to email@example.com.
Finally, please note that since I’m no longer using the “Axon” pseudonym,
I’ll begin using my primary key (
0xBC211FCEE9C54C53) instead of the
Axon key (
0xA4ECAE9C8E97231E) for everything except Qubes documentation
signing. I intend to allow the latter’s active subkeys to expire without
renewal on 2016-10-03.
Thanks for reading!
-----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJXIyecAAoJENtN07w5UDAwcbQQAKMz08UQCY9swDJnM1hEMUdE a95y4wlMYF/tmPdr2btei7QA3C1idlN9S+40qvRfdwTiPSlr3JkxthRkZSkKg1Z8 f1TQMePkqaTJR3XFovtUG6L8CJqiSPocqIWAkzcq0X6WbNOeswGmmgPgTkOiLtLT cZLZm39Q6lHq0kKYQmFxdxBcMpyPrbxiGhMHq/Tqp50upn+uQwmQOAYWLy0pIHHs h87tHAIT8wZ9SzW5pqS/94OHLZOTqI3TvohT5N8M7q+ywEKqXIvrAAVrqjU0Q06C 0X1Exqn4tBr47MeNxostXmRImSHLFDXl8fuWLA/FenEV0g6p0aCeEazeB8xDt1jc SYlDyXlZRRGXqOCZ30pCxRvBhQJhNwE3uInf6oDjK+OaiSAdoToI7PBZEsVa98tT sZDP6akKxCOHdL39fauaAQaanyoIXlNqUKS71k5KXiyFI+7YY0BN2WD0VpVXZrKV 6drc4QI/Ik0COEtnqQ6EdxtuLMJXYPI5KpHoM30wzh9krUIme5u06lh5knhsiyyw x13X3798wogLhykLTDg806yC+xymLJZqeKykGrwEHzVJkSPJsrPYbPU7UuEHkLIm cGT5Np59SeTHChN19h5HRRHTtZPiPRd+hKChqYNsBJnMHEkPFNRGcRsy8hfKd+J/ CsXv4zD78ByW2tkkb6dHiQIcBAEBCgAGBQJXIyecAAoJEIzhNzUqAZoXcbQQAKqd H+H4eH/dEVI/0EUGXcTzSzjzkfOf4K/1MC+EY5gVN/NPzXV0jat0X4zwyiVgXQLn jkehCfn5eVYgFfPGt401aX0CMcw1Vb3RvUJxd72vWqAj/iKcaDokLSytWvGqSdW8 MqE2vgZoQqe3ezA4Yw13ArTtJAkMONHDT1iLoJSaS5qQfGHlw02JWCemypvzoRqv eMP9pOsfVXjm6rjoVA36d5kkYjdGi1qWhAtOYnjy2FOnmXiL3jeEMa5o9xVbklgD moIlf7sCy88/kcqZ17IO7s/lhEElBO+ajmR+k2Zz96ColzHGJeiyK1PQ6c6WOX8I QoZhyKt9Yc+PsGQSX37ESXIJz8rdUmN/kH/NmVB85rhKD+XXrS3Mmp0fBbleccrh uQhtAnSq0983ma7ZG/IcSz7GYFV+oEJQEQQuqRZluY8/yPGG6kgpv8c3BMs8oF/T wA3w7MYZQtQy7Aq5n0ixIZeABfGrKBENEQR089eQ9rPsfig4QFDoutiGaJW1i8gI 6F77Q9tnS3JoXT+m5wj8Sc+f6X5DdkaZ5DSlLr5+3jUzVxQWcOaEoHmR96wjCr2j A12W6me33CwHxfsIj+VIRNftpvDEqE6RQpQd/NHCnWmjjWhJClBlGEkuUzhw8QjV UnQWeu6YnqfHBflHfM3EIqLm2LD4Ac1czAEEZhtyiQIcBAEBCgAGBQJXIyecAAoJ EJh4Btx1RPV8cbQP/jKNTO7WkfKmyX88hVxpjwp0DCX/6JN3dPDgq5H0OhEuvlx+ EQtmbxfEORvERpL7Gz0uf8TRdgMMlI9J2AKRu43hjHc1chgHd4L8C3ur+mhwGuuS CpfUNHEOQ+d8Y4H2ArKaMs2c8klY4d99im5C2MjOPszjFcMQ3TeuWL84FvPybumR zf0za29dPVic8ai+gd0EbeIUImp7JkDVaWBpwFEJ8tHoQsqK4Unkgk3GNNRJXkzo 6WayogYfYwHNY9nl8OkrTam0u0GcyuejKkoOBF1U4+iMyHmqoRY8uqUaQ0SPT2t6 OV87QyJ98cOUdgFpcZ22juKrLBDQ4BSiLjCONtzp1eGSYvanYMRwwTMcmCo9js1C zt9lWMjxBtzSWVSGiQfD4b1N3y1/T9oMm1hcia7a15qeCq2iLnRApTebjnFVNFVi dQIBVefhrzgQkUDuk/YVT0iyvuEX9BSOvVaLzTtMmFiOfLEDUKrdBCsSWfMEzbWE GujyTMTAlrdGXFVRaRj2jq5hpOTuLlzS9NOtzo00UAi8fOnkx9fHTaLgK5DFLtvP WjErdd5/d9H8/20JvbnSS6IGSkVXbTaDmlsEnaeWbFku84TkGwbnR66PF1RuzXfh 7QRbmUv1Bi0gDUJY3J9C2bZL3fYRuK08cOXJs4DExelTUcKWLXywWDfzFSPC =4P8G -----END PGP SIGNATURE-----