snail mail: Jacco de Leeuw
J.C. van Wessemstraat 54
1501 VM Zaandam
home phone: +31-(0)75-6352068 (family/friends only, please)
mobile phone: by request (note: phone is mostly off)
PGP public key: download here or get it from a keyserver
PGP fingerprint: 4CBF 8E95 F3A0 68EB 62D5 1D30 D067 9035 FD37 B537
S/MIME X.509 cert: download here
Issued by CAcert (rootCA) to "Jacco J.C. de Leeuw"
WWW homepage: http://www.jacco2.dds.nl
ICQ number: 1571148
e-mail: (jacco two atsign dee dee es dot en el)
E-mail is preferred (read fairly often). Due to spam I had to mask
e-mail address a bit. I hope you can still
figure out what it is. Note: I am using a spam filter called SpamAssassin. When you
Should my spam filter accidentally classify your e-mail as spam
is rare), your e-mail should stick out when I skim through my
I have made available a couple of RPM packages for the Linux operating system. These can be freely downloaded from my webpage. So how to convince yourself of the authenticity and trustworthiness of these RPMS?
I have signed the RPMS with my PGP key. But that doesn't mean a thing since anyone can make a PGP key and attach a name to it. Before you can trust a PGP key, you'll probably want it signed by other, trustworthy people. Mine has been signed by only a few people. I also have a Thawte Freemail certificate (X.509) with "distinguished name". This means that the certificate contains my name: Thawte has verified my identity on the basis of my passport. If you mail me, I can send you an S/MIME signed e-mail which contains my GPG public key. After importing this key to your keyring, it allows you to check the signatures and the cryptographic checksums on the RPMS with rpm --checksig *.rpm. So if you trust Thawte as a Third Party, you can be sure that that the RPMS were genuinely made by me and that they have not been tampered with on the route between you and me.
Of course, this doesn't say anything about the systems with which
built these RPMS. For all you know they could have been hacked or
trojaned. To the best of my knowledge, this is not the case for my
systems. Of course, "you know better than to trust a strange RPM".
good article on the security of RPMs on the net can be found here.
RPMs are always provided by me so you can inspect the
source for irregularities. This is just one of the advantages of
I would like to thank friends and family
who donated or lend out hardware to me. Thanks, guys!
Also much appreciated are the comments, suggestions and corrections that I received regarding my webpages.