Subject: Re: [gentoo-dev] GLEP proposal: Gentoo GPG key policies
From: Brian Dolbec
To: gentoo-dev@lists.gentoo.org
Cc: gentoo-project@lists.gentoo.org
Date: Mon, 11 Nov 2013 10:34:52 -0800
Message-ID: <1384194892.22694.181.camel@big_daddy.dol-sen.ca>
In-Reply-To: <1384134351.22694.174.camel@big_daddy.dol-sen.ca>

On Sun, 2013-11-10 at 17:45 -0800, Brian Dolbec wrote:
> On Mon, 2013-11-11 at 00:01 +0000, Robin H. Johnson wrote:
> > Gentoo LDAP:
> > ============
> > All developers must list the complete GPG fingerprint for their root
> > keys in the "gpgfingerprint" LDAP field.
> >
> > It should be exactly 40 hex digits, uppercase, with optional spaces
> > every 8 hex digits. Regular expression for validation:
> > ^[[:xdigit:]]{8}( ?[[:xdigit:]]{8}){4}$
> >
>
> The problem I can see happening allowing the optional spaces is that
> currently the fingerprint field is a space separated list of
> fingerprints. In the ldap-seeds code used to generate the
> developer.seeds file, I am splitting that field data on the spaces to
> get a python list of individual fingerprints. There are developers that
> have 2 fingerprints listed. If spaces are to be allowed in the
> fingerprint then we will need to use and enforce a different separator
> to divide the fingerprints. Currently in gentoo-keys I use the ":" as a
> separator in the gpgkey and fingerprint fields of the seed file. A "|"
> is used to separate the fields of the seed info.
>

Forget I said the above. I should have re-read my code first. Multiple
fingerprints are already returned as a list from python ldap. I already
had code in place to condense spaces in the fingerprint before the
checks.
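The handling discussed in this thread (one list entry per fingerprint, validation against the proposed 40-hex-digit form, spaces condensed for comparison) can be sketched as follows. This is an added example, not code from gentoo-keys or ldap-seeds; the function names and the sample values are assumptions constructed for illustration.

```python
import re

# Policy form from the proposal: 40 uppercase hex digits, with an optional
# single space between groups of 8. Python's re has no POSIX classes and
# [[:xdigit:]] would also admit lowercase, so the class is spelled out.
POLICY = re.compile(r"[0-9A-F]{8}( ?[0-9A-F]{8}){4}")


def condense(text):
    """Drop all whitespace so spaced and unspaced forms compare equal."""
    return "".join(text.split())


def reason(text):
    """Say why a value that failed POLICY was rejected."""
    bare = condense(text)
    if not re.fullmatch(r"[0-9A-Fa-f]*", bare):
        return "non-hex characters"
    if len(bare) != 40:
        return "expected 40 hex digits, got %d" % len(bare)
    if bare != bare.upper():
        return "lowercase hex digits"
    return "spacing does not follow groups of 8"


def check_fingerprints(values):
    """Return (valid, rejected) for a list holding one fingerprint per entry.

    Assumption: entries are str or bytes. Valid ones are condensed and
    de-duplicated; rejected ones are paired with a reason.
    """
    valid, rejected = [], []
    for raw in values:
        text = raw.decode("ascii", "replace") if isinstance(raw, bytes) else raw
        text = text.strip()
        if not POLICY.fullmatch(text):
            rejected.append((text, reason(text)))
        elif condense(text) not in valid:
            valid.append(condense(text))
    return valid, rejected


# Constructed sample values, not real key fingerprints.
SAMPLE = [
    b"01234567 89ABCDEF 01234567 89ABCDEF 01234567",
    "0123456789ABCDEF0123456789ABCDEF01234567",
    "0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567",
    "0123456789abcdef0123456789abcdef01234567",
    "89ABCDEF01234567",
]
```

Validating before condensing matters: a 4-digit grouping or a doubled space condenses to the same 40 digits but does not match the form the policy text allows.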