The Unofficial Fedora Web of Trust is a collection of PGP/GnuPG keys that Fedora contributors use when working with Fedora. The WoT should link all contributors together either directly or through other contributors to form a trusted path. This is important in projects, such as Fedora, where most contributors don't actually know or see the people they are working with.
All public keys with a @fedoraproject.org email address and that are uploaded to either the nb's keyserver.
The keyring is not available just yet.
We can actually see what the WoT looks like by drawing charts showing connections (signatures) between keys. The more signatures you have on your key and the more keys you sign will better connect you to the WoT.
Web of Trust diagram updated 7 January 2012
What if you don't see yourself on the diagram? Not too worry, you just haven't had your key signed by anyone in the Fedora Web of Trust. Your key will show up on the diagram when it has been signed and uploaded to one of the key servers.
I'm glad you asked! Being included
Step One - Install GnuPG..
Step Two - Create your keys. and make sure you include your @fedoraproject.org email address.
Step Three - Upload your public key to a keyserver. I recommend using either http://pool.sks-keyservers.net:11371
Step Four - Wait. No, seriously, kick back and relax. I'll have a script that will download all keys containing @fedoraproject.org every night and rebuild the keyring that is posted on this page.
Step Five - Go sign other people's keys with yours and have them sign yours. This builds trust! Better yet, have a key signing party (see below) and create your own WoT!
I started to write a manual on how to have your own key signing party and then I found one already written. Perhaps I'll add on to this one or incorporate it into my guide. Either way, go check out that manual and have fun!
