commit: 6e8b76cf97c599812b443856450fae92d013ec3e
Author: Michał Górny <mgorny <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 24 09:18:13 2019 +0000
Commit: Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Thu May 2 05:42:48 2019 +0000
URL: https://gitweb.gentoo.org/data/glep.git/commit/?id=6e8b76cf

glep-0063: Require encryption subkey, and make primary certify-only

Following the recent mailing list discussion indicating that developers
are taking GLEP 63 as the only source of truth about OpenPGP keys, and can
make the assumption that if an encryption key is not listed there they should
not have one. Amend the specification to extend it beyond the previous
limited scope of commit signing, and require an encryption key
appropriately. This matches the GnuPG defaults.

While at it, add a recommendation that the primary key is certify-only.
Other usage is implicitly discouraged anyway via requiring subkeys.
Originally this recommendation was omitted as I wasn't aware that gpg
had a (hidden) option to change the usage of existing keys.

Closes: https://bugs.gentoo.org/681802
Signed-off-by: Michał Górny <mgorny <AT> gentoo.org>

glep-0063.rst | 43 +++++++++++++++++++++++++++++--------------
1 file changed, 29 insertions(+), 14 deletions(-)

diff --git a/glep-0063.rst b/glep-0063.rst
index aae7dc5..becbadd 100644
--- a/glep-0063.rst
+++ b/glep-0063.rst
@@ -7,10 +7,10 @@ Author: Robin H. Johnson <robbat2@g.o>,
Michał Górny <mgorny@g.o>
Type: Standards Track
Status: Final
-Version: 2
+Version: 2.1
Created: 2013-02-18
-Last-Modified: 2018-07-21
-Post-History: 2013-11-10, 2018-07-03, 2018-07-21
+Last-Modified: 2019-05-02
+Post-History: 2013-11-10, 2018-07-03, 2018-07-21, 2019-02-24
Content-Type: text/x-rst
---

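Review bot: The `+Version: 2.1` line records this as a minor revision, but the commit adds a new bare-minimum requirement (an encryption subkey) that keys conforming to v2 may not satisfy, so a minor bump understates the impact on existing developers; consider a major version, or at least say in the Changes entry that previously conforming keys need a new subkey. Post-History gaining 2019-02-24 (the AuthorDate) while Last-Modified becomes 2019-05-02 (the CommitDate) is consistent with how the earlier entries were recorded.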
@@ -28,6 +28,13 @@ OpenPGP key management policies for the Gentoo Linux distribution.
Changes
=======

+v2.1
+ A requirement for an encryption key has been added, in order to extend
+ the GLEP beyond commit signing and into use of OpenPGP for dev-to-dev
+ and user-to-dev communications.
+
+ A recommendation for primary key to be certify-only has been added.
+
v2
The distinct minimal and recommended expirations have been replaced
by a single requirement. The rules have been simplified to use
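Review bot: The new v2.1 entry has two missing articles: "A recommendation for primary key to be certify-only" should read "for the primary key", and "into use of OpenPGP" should read "into the use of OpenPGP". Since this GLEP separates bare-minimum requirements from recommendations, it would also help changelog readers to state explicitly that the encryption key is a requirement and the certify-only primary is only a recommendation, mirroring the wording of the sections below.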
@@ -70,22 +77,28 @@ Linux development are sorely needed. This document provides both a set of
bare minimum requirements and a set of best practice recommendations for
the use of GnuPG (or other OpenPGP providers) by Gentoo Linux developers.
It is intended to provide a basis for future improvements such as, e.g.,
-consistent ebuild or package signing and verifying by end users.
+consistent ebuild or package signing and verification by end users,
+and providing secure and authenticated communication channel between users
+and developers.

Specifications for OpenPGP keys
===============================

Bare minimum requirements
-------------------------
-This section specifies obligatory requirements for all OpenPGP keys used
-to commit to Gentoo. Keys that do not conform to those requirements can
-not be used to commit.
+This section specifies obligatory requirements for all OpenPGP keys that
+are used in the context of Gentoo developer actions. All developers
+are required to have at least one key conforming to those requirements.
+Keys that do not conform to them can not be used to commit.

1. SHA-2 series output digest (SHA-1 digests internally permitted),
at least 256-bit. All subkey self-signatures must use this digest.

-2. Signing subkey that is different from the primary key, and does not
- have any other capabilities enabled.
+2. a. Signing subkey that is different from the primary key, and does
+ not have any other capabilities enabled.
+
+ b. Encryption subkey that is different from the primary key, and does
+ not have any other capabilities enabled.

3. Primary key and the signing subkey are both of type EITHER:

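Review bot: Item 3, "Primary key and the signing subkey are both of type EITHER:", is left untouched, so the encryption subkey newly required by 2.b has no algorithm or size constraint anywhere in this section; change item 3 to cover "Primary key and all subkeys", or add a matching clause for the encryption subkey. The rewritten paragraph now scopes the requirements to "Gentoo developer actions" in general, yet the consequence sentence still only says non-conforming keys "can not be used to commit"; either state what non-conformance means for the other uses (dev-to-dev and user-to-dev communication) or drop the commit-specific clause. Minor: "providing secure and authenticated communication channel" needs an article ("a secure and authenticated communication channel").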
@@ -110,15 +123,17 @@ The developers should follow those practices unless there is a strong
technical reason not to (e.g. hardware limitations, necessity of replacing
their primary key).

-1. Primary key and the signing subkey are both of type RSA, 2048 bits
+1. Primary key has only ``certify`` capability enabled.
+
+2. Primary key and the signing subkey are both of type RSA, 2048 bits
(OpenPGP v4 key format or later).

-2. Key expiration renewed annually to a fixed day of the year.
+3. Key expiration renewed annually to a fixed day of the year.

-3. Create a revocation certificate & store it hardcopy offsite securely
+4. Create a revocation certificate & store it hardcopy offsite securely
(it's about ~300 bytes).

-4. Encrypted backup of your secret keys.
+5. Encrypted backup of your secret keys.

Gentoo LDAP
===========
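Review bot: Recommendation 2, "Primary key and the signing subkey are both of type RSA, 2048 bits", is renumbered but not extended, so the recommended type and size for the new encryption subkey are never stated; suggest "Primary key and all subkeys are of type RSA, 2048 bits". Inserting the certify-only item at position 1 also shifts the numbers of the four existing recommendations, which silently breaks any external text that cites them by number; appending it as item 5 would keep the old numbering stable.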
@@ -193,7 +208,7 @@ References

Copyright
=========
-Copyright (c) 2013-2018 by Robin Hugh Johnson, Andreas K. Hüttel,
+Copyright (c) 2013-2019 by Robin Hugh Johnson, Andreas K. Hüttel,
Marissa Fischer, Michał Górny.

This work is licensed under the Creative Commons Attribution-ShareAlike 3.0