How to contact Jacco de Leeuw

My name is pronounced as "Yàhk-ko duh Layw". If you would like to contact me:
snail mail:        Jacco de Leeuw
                  J.C. van Wessemstraat 54
                  1501 VM  Zaandam
                  The Netherlands
home phone:       +31-(0)75-6352068 (family/friends only, please)
mobile phone:     by request (note: phone is mostly off)
PGP public key:    download here or get it from a keyserver
PGP fingerprint:  4CBF 8E95 F3A0 68EB 62D5  1D30 D067 9035 FD37 B537
S/MIME X.509 cert: download here
                  Issued by CAcert (rootCA) to "Jacco J.C. de Leeuw"
WWW homepage:
ICQ number:       1571148

                  jacco two atsign dee dee es dot en el e-mail:           (jacco two atsign dee dee es dot en el)
Your PGP key id :

E-mail is preferred (read fairly often). Due to spam I had to mask my e-mail address a bit. I hope you can still figure out what it is. Note: I am using a spam filter called SpamAssassin. When you send e-mail, please:

Should my spam filter accidentally classify your e-mail as spam (which is rare), your e-mail should stick out when I skim through my spambox.

RPM security

I have made available a couple of RPM packages for the Linux operating system. These can be freely downloaded from my webpage. So how to convince yourself of the authenticity and trustworthiness of these RPMS?

I have signed the RPMS with my PGP key. But that doesn't mean a thing since anyone can make a PGP key and attach a name to it. Before you can trust a PGP key, you'll probably want it signed by other, trustworthy people. Mine has been signed by only a few people. I also have a Thawte Freemail certificate (X.509) with "distinguished name". This means that the certificate contains my name: Thawte has verified my identity on the basis of my passport. If you mail me, I can send you an S/MIME signed e-mail which contains my GPG public key. After importing this key to your keyring, it allows you to check the signatures and the cryptographic checksums on the RPMS with rpm --checksig *.rpm. So if you trust Thawte as a Third Party, you can be sure that that the RPMS were genuinely made by me and that they have not been tampered with on the route between you and me.

Of course, this doesn't say anything about the systems with which I built these RPMS. For all you know they could have been hacked or trojaned. To the best of my knowledge, this is not the case for my systems. Of course, "you know better than to trust a strange RPM". A good article on the security of RPMs on the net can be found here. Source RPMs are always provided by me so you can inspect the source for irregularities. This is just one of the advantages of open source software.


I would like to thank friends and family who donated or lend out hardware to me. Thanks, guys!
Also much appreciated are the comments, suggestions and corrections that I received regarding my webpages.

Back to Jacco's homepage