From: "Aaron W. Swenson" <titanofold@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] [PATCH v2] glep-0063: Add section about the Gentoo keyserver
Date: Thu, 17 Dec 2020 15:03:56 -0500 [thread overview]
Message-ID: <X9u5rDcA0Js9/k6/@gsmrlinux2> (raw)
In-Reply-To: <20201217181216.1825482-1-floppym@gentoo.org>
[-- Attachment #1: Type: text/plain, Size: 2939 bytes --]
On Thu, Dec 17, 2020 at 01:12:16PM -0500, Mike Gilbert wrote:
>Signed-off-by: Mike Gilbert <floppym@gentoo.org>
>---
>
>v2: Added "This upload is required in addition to uploading the SKS pool."
>
> glep-0063.rst | 24 ++++++++++++++++++++----
> 1 file changed, 20 insertions(+), 4 deletions(-)
>
>diff --git a/glep-0063.rst b/glep-0063.rst
>index 82541bd..ec465db 100644
>--- a/glep-0063.rst
>+++ b/glep-0063.rst
>@@ -7,10 +7,10 @@ Author: Robin H. Johnson <robbat2@gentoo.org>,
> Michał Górny <mgorny@gentoo.org>
> Type: Standards Track
> Status: Final
>-Version: 2.1
>+Version: 2.2
> Created: 2013-02-18
>-Last-Modified: 2019-11-07
>-Post-History: 2013-11-10, 2018-07-03, 2018-07-21, 2019-02-24
>+Last-Modified: 2020-12-17
>+Post-History: 2013-11-10, 2018-07-03, 2018-07-21, 2019-02-24, 2020-12-17
> Content-Type: text/x-rst
> ---
>
>@@ -28,6 +28,9 @@ OpenPGP key management policies for the Gentoo Linux distribution.
> Changes
> =======
>
>+v2.2
>+ Added "Gentoo Keyserver" section under "Gentoo Infrastructure" chapter.
>+
> v2.1
> A requirement for an encryption key has been added, in order to extend
> the GLEP beyond commit signing and into use of OpenPGP for dev-to-dev
>@@ -135,8 +138,11 @@ their primary key).
>
> 5. Encrypted backup of your secret keys.
>
>+Gentoo Infrstructure
>+====================
>+
> Gentoo LDAP
>-===========
>+-----------
>
> All Gentoo developers must list the complete fingerprint for their primary
> keys in the "``gpgfingerprint``" LDAP field. It must be exactly 40 hex digits,
>@@ -147,6 +153,16 @@ of the fingerprint field. In any place that presently displays
> the "``gpgkey``" field, the last 16 hex digits of the fingerprint should
> be displayed instead.
>
>+Gentoo Keyserver
>+----------------
>+
>+Gentoo infrastructure uses a keyserver that is isolated from the SKS pool.
>+This keyserver is restricted to accepting uploads from authorized Gentoo hosts.
>+A script is provided on dev.gentoo.org to allow developers to upload their
>+keys. This upload is required in addition to uploading to the SKS pool.
>+
>+``gpg --export KEYID | ssh dev.gentoo.org /usr/local/bin/openpgp-key-upload``
>+
> Backwards Compatibility
> =======================
>
>--
>2.30.0.rc0
>
>
Thanks for doing this! You beat me to the punch. I was going to try getting to
it tomorrow.
It may be good to also change step 7 under "Bare minimum requirements" to read:
7. Upload your key to the Gentoo Keyserver before usage!
It'd give skimmers a trigger to look for the Gentoo keyserver info.
We might want to add "Upload to the SKS or some other public PGP pool" under
"Recommendations", but that's probably beyond the scope of the document now.
Lastly, should we have a link to the step-by-step guide? [1]
[1]: https://wiki.gentoo.org/wiki/Project:Infrastructure/Generating_GLEP_63_based_OpenPGP_keys
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 358 bytes --]
next prev parent reply other threads:[~2020-12-17 20:04 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-17 17:49 [gentoo-dev] [PATCH] glep-0063: Add section about the Gentoo keyserver Mike Gilbert
2020-12-17 17:58 ` Robin H. Johnson
2020-12-17 18:12 ` [gentoo-dev] [PATCH v2] " Mike Gilbert
2020-12-17 18:44 ` Davide Pesavento
2020-12-17 19:34 ` Mike Gilbert
2020-12-17 19:27 ` Michał Górny
2020-12-17 19:41 ` Robin H. Johnson
2020-12-17 20:03 ` Aaron W. Swenson [this message]
2020-12-17 20:15 ` Mike Gilbert
2020-12-17 20:21 ` Michał Górny
2020-12-17 21:31 ` Ulrich Mueller
2020-12-17 21:38 ` Mike Gilbert
2020-12-17 22:03 ` Ulrich Mueller
2020-12-17 22:10 ` Mike Gilbert
2020-12-18 7:45 ` Ulrich Mueller
2020-12-18 19:04 ` Mike Gilbert
2020-12-17 23:58 ` Thomas Deutschmann
2020-12-18 0:24 ` Mike Gilbert
2020-12-18 0:46 ` Thomas Deutschmann
2020-12-18 15:56 ` [gentoo-dev] [PATCH v3] " Mike Gilbert
2020-12-18 16:08 ` Michał Górny
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=X9u5rDcA0Js9/k6/@gsmrlinux2 \
--to=titanofold@gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox