* [gentoo-keys] Re: [gentoo-project] GLEP 63 - was Call for agenda items - Council meeting 2014-03-11
[not found] <CAGfcS_nOShVDxNUeCq2vaCE+RJLSfvMGc2zS0QeOTS404kc7Rg@mail.gmail.com>
@ 2014-03-04 17:28 ` Brian Dolbec
0 siblings, 0 replies; only message in thread
From: Brian Dolbec @ 2014-03-04 17:28 UTC (permalink / raw
To: gentoo-project; +Cc: gentoo-keys
On Tue, 4 Mar 2014 10:02:16 -0500
Rich Freeman <rich0@gentoo.org> wrote:
>
> Certainly an exhaustive set of instructions on using gpg is too much,
> but can we at least get:
> 1. A list of steps that can be followed to generate a key that is
> useful and compliant with the policy.
In gentoo-keys, it will relatively easy to generate a new key and one
subkey using a template [1]. From the pyGPG lib I created and
gentoo-keys wraps, adding more subkeys and other editing is currently
not possible and would require using app-crypt/gpgme. It's companion
pkg, dev-python/pygpgme is not complete, much of the data available was
not provided. It is why I created dev-python/pyGPG in the first place.
I have already tested creating a key and one subkey. So with an
approved gpg key spec. Basic keys can be easily created. Adding
additional email addresses and additional subkeys is currently not
possible using gpg's template (batch) system or cli non-interactively.
Currently gpg requires editing be done interactively. I will look
into what it might take to use gpgme directly for the additional
functionality needed if pygpgme does not provide it.
> 2. A command that can be supplied with a key ID and tell you if the
> key complies or not.
>
Should be doable with gentoo-keys. I have a team now, they are
getting familiar with the code I've done so far. So, I will get
someone on the task. We just need an approved spec to test against.
3) Add necessary lib functions and a cron job to check and remind of
soon to expire keys. <== already planned
> Right now we just have a bunch of pointers to various websites and a
> set of guidelines, and devs are basically expected to figure it out.
> I think the result of this is going to be a lot of back-and-forth
> trying to get everybody to fix their keys, with new issues cropping up
> all the time.
>
> Rich
>
We have:
irc: #gentoo-keys
mail list: gentoo-keys@lists.gentoo.org
mail alias: gkeys@
bugzie: Gentoo hosted project: gentoo-keys
So, feel free to stop by irc, or mail to the list anything you feel we
need to do, etc.. I have opened a number of bugs for my new team to
work on [2]. It is by no means complete. But feel free to add more
that council thinks are needed.
[1] https://bugs.gentoo.org/show_bug.cgi?id=502052
[2] https://bugs.gentoo.org/buglist.cgi?quicksearch=gentoo-keys&list_id=2253966
--
Brian Dolbec <dolsen>
^ permalink raw reply [flat|nested] only message in thread