From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id F07E41382C5 for ; Fri, 18 Dec 2020 16:08:46 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 3C0A3E09AB; Fri, 18 Dec 2020 16:08:44 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id EB5F5E0982 for ; Fri, 18 Dec 2020 16:08:43 +0000 (UTC) Message-ID: <00bbc8734268eb31c27bc1dd76c0b287a7e09382.camel@gentoo.org> Subject: Re: [gentoo-dev] [PATCH v3] glep-0063: Add section about the Gentoo keyserver From: =?UTF-8?Q?Micha=C5=82_G=C3=B3rny?= To: gentoo-dev@lists.gentoo.org Cc: Mike Gilbert Date: Fri, 18 Dec 2020 17:08:38 +0100 In-Reply-To: <20201218155623.1849602-1-floppym@gentoo.org> References: <20201217181216.1825482-1-floppym@gentoo.org> <20201218155623.1849602-1-floppym@gentoo.org> Organization: Gentoo Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.38.2 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Archives-Salt: 3e48b951-f4d7-4d03-93a8-f9399dc6dd9f X-Archives-Hash: 37afbc76e9f3aafb3bb92b1bdfdea1cc On Fri, 2020-12-18 at 10:56 -0500, Mike Gilbert wrote: > Signed-off-by: Mike Gilbert > --- > > v3: Fixed typo. >     Added link to keys.gentoo.org. >     Moved SKS upload advice to Recommendations section. >     Added Gentoo keyserver advice to Bare minimum requirements > section. > >  glep-0063.rst | 32 ++++++++++++++++++++++++-------- >  1 file changed, 24 insertions(+), 8 deletions(-) > > diff --git a/glep-0063.rst b/glep-0063.rst > index 82541bd..6997044 100644 > --- a/glep-0063.rst > +++ b/glep-0063.rst > @@ -7,10 +7,10 @@ Author: Robin H. Johnson , >          Michał Górny >  Type: Standards Track >  Status: Final > -Version: 2.1 > +Version: 2.2 >  Created: 2013-02-18 > -Last-Modified: 2019-11-07 > -Post-History: 2013-11-10, 2018-07-03, 2018-07-21, 2019-02-24 > +Last-Modified: 2020-12-17 > +Post-History: 2013-11-10, 2018-07-03, 2018-07-21, 2019-02-24, 2020- > 12-17 >  Content-Type: text/x-rst >  --- >   > @@ -28,6 +28,9 @@ OpenPGP key management policies for the Gentoo > Linux distribution. >  Changes >  ======= >   > +v2.2 > +  Added information about the Gentoo keyserver. > + >  v2.1 >    A requirement for an encryption key has been added, in order to > extend >    the GLEP beyond commit signing and into use of OpenPGP for dev-to- > dev > @@ -114,7 +117,7 @@ Keys that do not conform to them can not be used > to commit. >   >  6. UID using your ``@gentoo.org`` e-mail included in the key. >   > -7. Upload your key to the SKS keyserver rotation before usage! > +7. Keys must be uploaded to the Gentoo keyserver. >   >  Recommendations >  --------------- > @@ -135,8 +138,13 @@ their primary key). >   >  5. Encrypted backup of your secret keys. >   > +6. Upload to SKS or another public keyserver pool. > + > +Gentoo Infrastructure > +===================== > + >  Gentoo LDAP > -=========== > +----------- >   >  All Gentoo developers must list the complete fingerprint for their > primary >  keys in the "``gpgfingerprint``" LDAP field. It must be exactly 40 > hex digits, > @@ -147,6 +155,14 @@ of the fingerprint field. In any place that > presently displays >  the "``gpgkey``" field, the last 16 hex digits of the fingerprint > should >  be displayed instead. >   > +Gentoo Keyserver > +---------------- > + > +Gentoo infrastructure uses a keyserver that is isolated from the SKS > pool. > +This keyserver is restricted to accepting uploads from authorized > Gentoo hosts. > +Instructions for uploading keys to this server may be found at > +https://keys.gentoo.org/. > + >  Backwards Compatibility >  ======================= >   > @@ -212,6 +228,6 @@ Copyright >  Copyright (c) 2013-2019 by Robin Hugh Johnson, Andreas K. Hüttel, >  Marissa Fischer, Michał Górny. >   > -This work is licensed under the Creative Commons Attribution- > ShareAlike 3.0 > -Unported License.  To view a copy of this license, visit > -https://creativecommons.org/licenses/by-sa/3.0/. > +This work is licensed under the Creative Commons Attribution- > ShareAlike 4.0 > +International License.  To view a copy of this license, visit > +https://creativecommons.org/licenses/by-sa/4.0/. LGTM. Thanks! -- Best regards, Michał Górny