From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-dev+bounces-93219-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id ED7A41382C5
	for <garchives@archives.gentoo.org>; Thu, 17 Dec 2020 18:44:56 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 7F437E08BF;
	Thu, 17 Dec 2020 18:44:54 +0000 (UTC)
Received: from mail-lf1-f49.google.com (mail-lf1-f49.google.com [209.85.167.49])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 52CF0E0893
	for <gentoo-dev@lists.gentoo.org>; Thu, 17 Dec 2020 18:44:54 +0000 (UTC)
Received: by mail-lf1-f49.google.com with SMTP id y19so60044394lfa.13
        for <gentoo-dev@lists.gentoo.org>; Thu, 17 Dec 2020 10:44:54 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc:content-transfer-encoding;
        bh=5jmULfvl83nE3DVwOiBG5qo2NKW0M8uQ7EdtoNZO6w0=;
        b=tVOHLFiSz7JVgkAusU/0QnEYnLB2YFyrZaL0aBCAgFGNiTbno5CnW4L9aAGBL/TTxf
         E48tJ5p8Ya/0iMWA2E2vYgLP/ikiFgKHx/Vl5nMkxlSAh+363l55hiQ1vo2ZPbgye/g2
         iljGspdV0pspdMHRRBiTOxrMitOD3LfrXzt7XvqHcEV+7zXknWImnQxmMlMWDL6d5oRi
         KwwJ7ijc8giJz0S0UA0MMlggB18FdUD8sxx5Y0WZtserC0afsK5eAKTBHAOj5y4IIb7B
         vravbmxKNjeEYJ1h5GZT8JdmABkqAVZZGa+AtyGNmguDgtAO0GQEZj/TH9lYJ6NOgS6k
         M/rA==
X-Gm-Message-State: AOAM533u7qXi/3imhN0WDfQHFw80m7vP0pyZ+t1To/GkX5F4N569dzOI
	fLHFqa/pFkGxXpQDLGW/qlca3ZM9HI1Z25pRL+F1ySnr
X-Google-Smtp-Source: ABdhPJzn3EP9bqbiSrw9cRLqKqoqwUHyasb+Lt9H1+A4in3z+lmyopeEK2G9BdbsUX7WoUHhoJwgy3bShTFmLAliTmI=
X-Received: by 2002:a05:651c:8d:: with SMTP id 13mr289934ljq.33.1608230692509;
 Thu, 17 Dec 2020 10:44:52 -0800 (PST)
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
MIME-Version: 1.0
References: <20201217174909.1711154-1-floppym@gentoo.org> <20201217181216.1825482-1-floppym@gentoo.org>
In-Reply-To: <20201217181216.1825482-1-floppym@gentoo.org>
From: Davide Pesavento <pesa@gentoo.org>
Date: Thu, 17 Dec 2020 13:44:36 -0500
Message-ID: <CADfzvvab7E6mcb76KMnz9F7yM+fvxxrx1e_TmmEVMCAu-e14Bg@mail.gmail.com>
Subject: Re: [gentoo-dev] [PATCH v2] glep-0063: Add section about the Gentoo keyserver
To: gentoo-dev@lists.gentoo.org
Cc: Mike Gilbert <floppym@gentoo.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: ace81881-14b1-4422-9085-34436ef6305d
X-Archives-Hash: 5b21a1158a2f642e1eea0d5eb534797d

On Thu, Dec 17, 2020 at 1:12 PM Mike Gilbert <floppym@gentoo.org> wrote:
>
> Signed-off-by: Mike Gilbert <floppym@gentoo.org>
> ---
>
> v2: Added "This upload is required in addition to uploading the SKS pool.=
"
>
>  glep-0063.rst | 24 ++++++++++++++++++++----
>  1 file changed, 20 insertions(+), 4 deletions(-)
>
> diff --git a/glep-0063.rst b/glep-0063.rst
> index 82541bd..ec465db 100644
> --- a/glep-0063.rst
> +++ b/glep-0063.rst
> @@ -7,10 +7,10 @@ Author: Robin H. Johnson <robbat2@gentoo.org>,
>          Micha=C5=82 G=C3=B3rny <mgorny@gentoo.org>
>  Type: Standards Track
>  Status: Final
> -Version: 2.1
> +Version: 2.2
>  Created: 2013-02-18
> -Last-Modified: 2019-11-07
> -Post-History: 2013-11-10, 2018-07-03, 2018-07-21, 2019-02-24
> +Last-Modified: 2020-12-17
> +Post-History: 2013-11-10, 2018-07-03, 2018-07-21, 2019-02-24, 2020-12-17
>  Content-Type: text/x-rst
>  ---
>
> @@ -28,6 +28,9 @@ OpenPGP key management policies for the Gentoo Linux di=
stribution.
>  Changes
>  =3D=3D=3D=3D=3D=3D=3D
>
> +v2.2
> +  Added "Gentoo Keyserver" section under "Gentoo Infrastructure" chapter=
.
> +
>  v2.1
>    A requirement for an encryption key has been added, in order to extend
>    the GLEP beyond commit signing and into use of OpenPGP for dev-to-dev
> @@ -135,8 +138,11 @@ their primary key).
>
>  5. Encrypted backup of your secret keys.
>
> +Gentoo Infrstructure

Typo.

> +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> +
>  Gentoo LDAP
> -=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> +-----------
>
>  All Gentoo developers must list the complete fingerprint for their prima=
ry
>  keys in the "``gpgfingerprint``" LDAP field. It must be exactly 40 hex d=
igits,
> @@ -147,6 +153,16 @@ of the fingerprint field. In any place that presentl=
y displays
>  the "``gpgkey``" field, the last 16 hex digits of the fingerprint should
>  be displayed instead.
>
> +Gentoo Keyserver
> +----------------
> +
> +Gentoo infrastructure uses a keyserver that is isolated from the SKS poo=
l.
> +This keyserver is restricted to accepting uploads from authorized Gentoo=
 hosts.
> +A script is provided on dev.gentoo.org to allow developers to upload the=
ir
> +keys. This upload is required in addition to uploading to the SKS pool.
> +
> +``gpg --export KEYID | ssh dev.gentoo.org /usr/local/bin/openpgp-key-upl=
oad``
> +
>  Backwards Compatibility
>  =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>
> --
> 2.30.0.rc0
>
>

The rest LGTM.

Thanks,
Davide