-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Joining the Qubes Team as Community Manager =========================================== Andrew David Wong | 2016-04-29 I'm pleased to announce that I've joined the Qubes team in a part-time role as Community Manager. I consider it an honor to have the opportunity to work with such a talented team of individuals and to serve such a dynamic community. As the Community Manager, I'll primarily be responsible for things like handling user feedback, organizing bug reports, tracking community-developed features, and facilitating community contributions to the codebase. (As with any small project, however, we all wear many hats, so if there's ever anything Qubes-related I can help you with, please let me know.) I've been active in the Qubes community for several years now under the pseudonym "Axon," primarily writing documentation and helping to maintain the Qubes website in my spare time as a volunteer (which I plan to continue doing alongside my new role). In joining the Qubes team more officially, however, I've decided to retire my pseudonym and to begin using my real identity. I consider myself fortunate to be in a position to make this choice. For me, the decision to use a pseudonym was based primarily on considerations of personal privacy. For many other people around the world, however, pseudonymous and anonymous communication is a matter of life and death. This is one reason that I believe Qubes OS - -- and especially its partnership with Whonix -- is so important: it allows for the secure compartmentalization of these various contextual identities (along with all the other areas of one's digital life) in ways which would not otherwise be possible. More importantly, however, it freely puts this control in the hands of individual users. Admittedly, it currently takes a certain kind of user -- one who is sufficiently self-motivated and willing to learn -- to make full use of Qubes OS. This is something we're continually working on. By working to make Qubes accessible to a wider user base, we aim to make strong endpoint security available to everyone, regardless of their level of technical expertise. As computers continue to become increasingly integrated with our lives (and our bodies), the importance of secure computing increases proportionately for all of us. ## Identity Verification ## If you'd like to verify my identity, I'd be happy to help. There are three PGP keys you may wish to authenticate: Key Fingerprint =============================== ================================================== Andrew David Wong (primary) BBAF 910D 1BC9 DDF4 1043 629F BC21 1FCE E9C5 4C53 Axon (retired pseudonym) 746A B6DE 2A02 B5A5 DCBD 3F32 A4EC AE9C 8E97 231E Qubes Documentation Signing Key E11D 15C6 D204 3576 9FFA A456 8CE1 3735 2A01 9A17 You can fetch these keys from my [website][]: $ gpg --fetch \ https://andrewdavidwong.com/adw.asc \ https://andrewdavidwong.com/axon.asc \ https://andrewdavidwong.com/qubes-doc.asc Or import them from my [keys][] repo: $ git clone git://github.com/andrewdavidwong/keys $ gpg --import keys/* Or retrieve them from a public key server: $ gpg --recv \ 0xBBAF910D1BC9DDF41043629FBC211FCEE9C54C53 \ 0x746AB6DE2A02B5A5DCBD3F32A4ECAE9C8E97231E \ 0xE11D15C6D20435769FFAA4568CE137352A019A17 Once you have all three keys, you can check that they've all been level-3 certified by one another: $ gpg --check-sigs \ 0xBBAF910D1BC9DDF41043629FBC211FCEE9C54C53 \ 0x746AB6DE2A02B5A5DCBD3F32A4ECAE9C8E97231E \ 0xE11D15C6D20435769FFAA4568CE137352A019A17 Then, you can verify that this post itself has been signed by all three keys. There are several ways to do this. Since this post is a clearsigned message block, the most obvious way is simply to copy it directly from your browser. Start by telling GPG that you'd like to verify something: $ gpg --verify Next, copy the signed message block from this page to your clipboard. (Extraneous text is fine, so you can simply press `ctrl + A` to select all the text on this page, followed by `ctrl + C`.) Then, simply paste it into your terminal emulator and press `ctrl + D`. GPG will proceed to verify the signatures. Alternatively, you may prefer a [clearsigned, plain text version][clear] of this post. (Perhaps your browser has rendered the text differently, invalidating the signature, or you simply don't want to bother with all that copying and pasting.) After downloading and reviewing the file, you can verify it like so: $ gpg --verify _2016-04-29-community-manager.asc Or download and verify in a single command: $ curl https://raw.githubusercontent.com/QubesOS/qubes-posts/master/_2016-04-29-community-manager.asc | gpg --verify Another alternative is to verify the [original source file of this post][source] against its [detached signature][sig]. You can download each file, then verify: $ gpg --verify _2016-04-29-community-manager.md.sig 2016-04-29-community-manager.md Or, if you're feeling adventurous, do it all in a single command: $ gpg --verify \ <(curl https://raw.githubusercontent.com/QubesOS/qubes-posts/master/_2016-04-29-community-manager.md.sig) \ <(curl https://raw.githubusercontent.com/QubesOS/qubes-posts/master/2016-04-29-community-manager.md) Then, you can verify the three tags on the commit for this post -- each one singed by its respective key: $ git clone git://github.com/QubesOS/qubes-posts.git $ cd qubes-posts/ $ git verify-tag adw $ git verify-tag axon $ git verify-tag qubes-doc-adw Finally, you can verify my Qubes Documentation Signing Key signature on the commit itself: $ git verify-commit `git rev-list -n 1 adw` With any luck, you're now convinced that all three keys belong to the same person and that this person is the author of the words you're reading. For other objects signed by these keys, feel free to check out my signed commits to the Qubes [website][web-repo] and [documentation][doc-repo] repos, my signed emails to the [mailing lists], and the proofs available from my [Keybase][] profile. You're also welcome to contact me privately (e.g., to request key authentication through alternative channels). For personal correspondence, `adw@andrewdavidwong.com` functions as both an [email][adw-email] address and an [XMPP][adw-xmpp] address. My [OTR][] key fingerprint is: 1A5F4647 4CEEA362 4F740943 D4F40D4F CC1116CB Please direct all Qubes-specific correspondence to [adw@qubes-os.org][]. Finally, please note that since I'm no longer using the "Axon" pseudonym, I'll begin using my primary key (`0xBC211FCEE9C54C53`) instead of the Axon key (`0xA4ECAE9C8E97231E`) for everything except Qubes documentation signing. I intend to allow the latter's active subkeys to expire without renewal on 2016-10-03. Thanks for reading! [website]: https://andrewdavidwong.com/ [keys]: https://github.com/andrewdavidwong/keys [clear]: https://raw.githubusercontent.com/QubesOS/qubes-posts/master/_2016-04-29-community-manager.asc [source]: https://raw.githubusercontent.com/QubesOS/qubes-posts/master/2016-04-29-community-manager.md [sig]: https://raw.githubusercontent.com/QubesOS/qubes-posts/master/_2016-04-29-community-manager.md.sig [web-repo]: https://github.com/QubesOS/qubesos.github.io [doc-repo]: https://github.com/QubesOS/qubes-doc [mailing lists]: https://www.qubes-os.org/mailing-lists/ [Keybase]: https://keybase.io/adw [adw-email]: mailto:adw@andrewdavidwong.com [adw-xmpp]: xmpp:adw@andrewdavidwong.com [OTR]: https://en.wikipedia.org/wiki/Off-the-Record_Messaging [adw@qubes-os.org]: mailto:adw@qubes-os.org -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJXIyf/AAoJENtN07w5UDAwFVwP/3J22WWNSkAM6iA+89MFdU6A Xe7RsrtquicJDKvZupTQwURUVYh6n76tkWsEGvrHKCrAF01JWX8XQCSDSrwxccmD xuqPzxNliAoFo9w3Sc08sO3/z7uo9Ql6sZ7bW4pwnGWlhUo54627EMZtEOXcWP9U wsPXl/q1C+I6xz6PDVzlZSbv/pR9X39wgaqPhUwW+8fXFD8Aw8Ama7R7DtWNWpud 7h0FzRNJ6tZXU82unyIaIU7C61YP4fYZBoZaMCF48fBHrd4y5+4gqhyXx8GS/eK5 Jyre8PNPmqeKvGg4SWWyuE+RZbgck2/0xPXXAWPuwOPi6Sz/6n1cxqBJjpdl16GL IsF6rvxaCsiIi+ohFtcPAJFCKNx6Y8H0SNxsLZDpjk5rXd45/v116FIXkIep5PZR uBArnePgDIw4p0X0UTTs66TkAbpKWf4QRvczZXXKuhofzS7Y3aRhqJvhEstZNhTe V43tiQPXlTJU7Tb2p0V8z/flOZAEPUObcCwAkx0xXUmbW3AdYaWg8ZwS3bglFmuf +Hf/FISAi6J1FLlbqA8g4l8MRrl9zmlqUIiFO213RCZ3ttkgOyNIB9XpaR3AMe3r TMiWuml/6IvXAUmtKWjXr0GiUkEB6j+ABgnP0meDiwyx5HDwaFUfO8xPQgMxolic RcNSoaPdcWo2pguh6rmSiQIcBAEBCgAGBQJXIyf/AAoJEIzhNzUqAZoXFVwP+gKb ddniu4YrB2TWaIOAvR8CZBCPv85fUXSynTjFNr1XihGarwX0PpUzAipeWf5XpJoD mmQY1a14mZ79/UdZ+vEQBZfFIT3+oj8ykqjaicDwYfOskVtk/RHYj/OGelehYclP zNikseUFsJUYK1s4OP2MRPwAXq2HV08sYXVpMnYC9N645Dtjj7DqAP/X20j4ToDH 7y4NDLl15Re9EynJyI6NjNGWBPy13z3scDLZAWPIpVHz/z3j0sDZATttHGM+wyTr cKpFQ/Cvvq1iEJBrlwJo4Igy5TQMrX/zpTU2raS1xyG8l6J27n26q9XSd1GQu4aX EIijx3iQsXRaYI7Dh66KIL9c0OAhGiQlqx8xWOCYrvALbS+tC1fodi1Y+c+MT9Y6 okSjqXsuUsodaH1bbHUc+BuAB4butNy/YDpMkThZBh5j/wgxWLbxmc2LeIFcLNzT 9Zh+oJ09DhSglep4RrOWne/NvPSAUkAdbxYXoo4KW2txgbMO7FDgVE1usLPu4lNC ALbj1wK3yeDsyY1gKLvRqLH56Q3zRsZ9uBSVZOfP8iX/v9mQRESpqqbyCYgLVINF GM8iiQqpoyXqFmwLVF95G1cOD01Us4Rs18pmN7h/4H3fLXOhlsS+4j4zyvtEG0v9 kGQePwpCPWdvJoO8nsW7iylKEsxLIHUiPfqB0mU+iQIcBAEBCgAGBQJXIyf/AAoJ EJh4Btx1RPV8FVwQAMu4WBH8ov8RF8DEIYPOULT9C5XW9i7k8nfN1U4cwRtvOGSp rERSgKXw9S7F+Pxsx56ZrBZRFFBLSABu3mNRlbHl9g5bpZpOjwPoYm9E9YKBII1M Me8U7L2eu8f3FY0+m/SrBr6BLiWh7qFCbDJgr3mNkmRr4yD96RjMlho9l0nb5YsO zziVFJ/lOaKjJn/e3DVe1+51zuYuUe2YRuJwfZcc4vArnn4HJSbKyDkHKrIjcFGF wWL0ZSH7VTAshPpVHdz3I1plo3uuCBCwQJmLJ1Aej2FswngJTfY6vlOuRTPgHVl0 O0EqgBW2Liws7JtnGu/MRK64NdKBEosmzdOTiVh3jxFox1PvhCpdGoudwtrTbV/J SoZYi4PSnkQHgwTWvddmDshDnjDxlCtNaNjbAN08UEnhBzlJrlR9F+/HeL5Kk4pt 1hsjMYBhSQ2MNMtsKzRZ8pV52B3taRhDnkb+0Khkt3jJbLG3ya9z4mFgFf/Z5LFp yfuFWItjppwCUjsED3nbYz43kGxPuxeaqLIuxZ7/rFeGpd1mHGmotZB9GXPudbMx rRnwzY3YqeYrTMd+4ZsEH5Z5sSMyqaui4bELWAQur0Tzi79m8vSrdJ15lR2/d6Wl xCvWqMh7Wsk46/qynjg2Us7nNt6f9pbai0Zd+fGncXZ1AXxbfuBm1wDL2RVO =WVdX -----END PGP SIGNATURE-----