Following, explaining, strengthening the Web of Trust in the Debian keyrings
Description of the project:
I have been trying to get some interesting data out of doing historical analysis of our keyring, as well as adding some health checks on it, getting some indicators, maybe see whether we are heading in the right direction or there is something we are missing. I have been quite short on time, so my work has slept for months.
I am targetting getting two kinds of output: On one side, something useful for Debian, both as documentation regarding our practices and the aforementioned keyring health indicators. On the other side, I want to get some publishable results; for that, I have been working a bit with people at my universities (on one, I am a teacher, on the other, I'm a graduate student). But any extra pair of hands and eyes, plus a keen set of neurons linking them together, might prove very useful.
I have not shared much of my work even with the keyring-maint team itself (of which I am a part); I have at least one script that does interesting work, but is soooooo slow and suboptimal I'm rather interested in rewriting it from scratch. Anyway, I do have two bits of (very preliminary) output that can show approximately where I want this to be heading (both in Spanish, covering very similar work):
Poster presented at a local conference: "Strengthening the web of trust in a geographically distributed project' (oct 2015), http://ru.iiec.unam.mx/2767/
Corresponding presentation; very similar contents, in a presentation format, as well as a (partly cut
) video are available at https://congreso.seguridad.unam.mx/2015/conferencia/fortalecimiento-del-llavero-de-confianza-en-un-proyecto-geogr%C3%A1ficamente-distribuido
Confirmed Mentor: Gunnar Wolf
How to contact the mentor: Mail: gwolf@debian.org
Confirmed co-mentors: Jonathan ?McDowell
Deliverables of the project:
Documentation, both in the form of informal reports or semi-HOWTOs (i.e. https://sources.debian.net/src/debian-keyring/2016.01.20/cheatsheets/keyring/ ) and hopefully of more formal (schoolarly) articles regarding the gained insights.
Desirable skills:
- Good familiarity with Git, GnuPG, and a scripting language we will use for data extraction (probably Ruby, as that's where we are starting from, but others are possible)
- Basic to medium knowledge of the output processing tools (Gruff, Graphviz, LaTeX)
What the intern will learn:
- Better understanding on how the trust keyrings in Debian are handled, particularly what migrations mean, and what is needed to keep them trustable
Some insight on technical, but also psychological and sociological tools on social networks (on the "traditional" sense, not regarding the social networks website companies
)