Subject: Re: [gentoo-dev] [PATCH v2] glep-0063: Add section about the Gentoo keyserver
From: Michał Górny
To: gentoo-dev@lists.gentoo.org
Cc: Mike Gilbert
Date: Thu, 17 Dec 2020 20:27:44 +0100

On Thu, 2020-12-17 at 13:12 -0500, Mike Gilbert wrote: > Signed-off-by: Mike Gilbert > --- > > v2: Added "This upload is required in addition to uploading the SKS > pool." > >  glep-0063.rst | 24 ++++++++++++++++++++---- >  1 file changed, 20 insertions(+), 4 deletions(-) > > diff --git a/glep-0063.rst b/glep-0063.rst > index 82541bd..ec465db 100644 > --- a/glep-0063.rst 
> +++ b/glep-0063.rst > @@ -7,10 +7,10 @@ Author: Robin H. Johnson , >          Michał Górny >  Type: Standards Track >  Status: Final > -Version: 2.1 > +Version: 2.2 >  Created: 2013-02-18 > -Last-Modified: 2019-11-07 > -Post-History: 2013-11-10, 2018-07-03, 2018-07-21, 2019-02-24 > +Last-Modified: 2020-12-17 > +Post-History: 2013-11-10, 2018-07-03, 2018-07-21, 2019-02-24, 2020- > 12-17 >  Content-Type: text/x-rst >  --- >   > @@ -28,6 +28,9 @@ OpenPGP key management policies for the Gentoo > Linux distribution. >  Changes >  ======= >   > +v2.2 > +  Added "Gentoo Keyserver" section under "Gentoo Infrastructure" > chapter. > + >  v2.1 >    A requirement for an encryption key has been added, in order to > extend >    the GLEP beyond commit signing and into use of OpenPGP for dev-to- > dev > @@ -135,8 +138,11 @@ their primary key). >   >  5. Encrypted backup of your secret keys. >   > +Gentoo Infrstructure T > +==================== > + >  Gentoo LDAP > -=========== > +----------- >   >  All Gentoo developers must list the complete fingerprint for their > primary >  keys in the "``gpgfingerprint``" LDAP field. It must be exactly 40 > hex digits, 
> @@ -147,6 +153,16 @@ of the fingerprint field. In any place that > presently displays >  the "``gpgkey``" field, the last 16 hex digits of the fingerprint > should >  be displayed instead. >   > +Gentoo Keyserver > +---------------- > + > +Gentoo infrastructure uses a keyserver that is isolated from the SKS > pool. > +This keyserver is restricted to accepting uploads from authorized > Gentoo hosts. > +A script is provided on dev.gentoo.org to allow developers to upload > their > +keys. This upload is required in addition to uploading to the SKS > pool. > + > +``gpg --export KEYID | ssh dev.gentoo.org /usr/local/bin/openpgp- > key-upload`` > + >  Backwards Compatibility >  =======================

Thank you for doing this.

That said, I'm wondering if we should keep the SKS pool at all. Did anyone have any success interacting with it lately? All my attempts at fetching keys are resulting in server errors.

-- 
Best regards,
Michał Górny
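
Review bot: the v2.2 entry added in the "Changes" hunk (@@ -28,6 +28,9) records only that a section was added, while the section text itself introduces an obligation for developers ("This upload is required in addition to uploading to the SKS pool"). The v2.1 entry directly below states its new requirement explicitly ("A requirement for an encryption key has been added"), so v2.2 should say that uploading to the Gentoo keyserver is now required. It would also help to mention that "Gentoo LDAP" was moved down to a subsection of the new chapter.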
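
Review bot: the new chapter title in the hunk at @@ -135,8 +138,11 reads "+Gentoo Infrstructure T", which misspells "Infrastructure" and carries a stray trailing "T". The v2.2 changelog entry in the same patch refers to the chapter as "Gentoo Infrastructure", so the heading should match it. After correcting the title, check that the "=" underline is at least as long as the title text, since docutils warns on an underline that is shorter than its title.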
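
Review bot: the example command in the new "Gentoo Keyserver" section (hunk @@ -147,6 +153,16) uses a bare `KEYID` placeholder without saying which form of identifier is expected. The "Gentoo LDAP" text just above requires the complete 40-hex-digit fingerprint of the primary key, so the section should say to pass that full fingerprint to `gpg --export`, which keeps the uploaded key unambiguously the one listed in LDAP. As a style point, the command is written as an inline literal on a line of its own; an RST literal block would render it as a standalone command. The section also states that uploads are restricted to authorized Gentoo hosts but does not name the keyserver or say how the uploaded keys are meant to be retrieved, which readers of the policy will need.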