Gentoo Archives: gentoo-commits

From: "Michał Górny" <mgorny@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] data/glep:master commit in: /
Date: Thu, 02 May 2019 16:40:44
Message-Id: 1556775768.6e8b76cf97c599812b443856450fae92d013ec3e.mgorny@gentoo
1 commit: 6e8b76cf97c599812b443856450fae92d013ec3e
2 Author: Michał Górny <mgorny <AT> gentoo <DOT> org>
3 AuthorDate: Sun Feb 24 09:18:13 2019 +0000
4 Commit: Michał Górny <mgorny <AT> gentoo <DOT> org>
5 CommitDate: Thu May 2 05:42:48 2019 +0000
6 URL: https://gitweb.gentoo.org/data/glep.git/commit/?id=6e8b76cf
7
8 glep-0063: Require encryption subkey, and make primary certify-only
9
10 Following the recent mailing list discussion indicating that developers
11 are taking GLEP 63 as the only source of truth about OpenPGP keys, and can
12 make the assumption that if an encryption key is not listed there they should
13 not have one. Amend the specification to extend it beyond the previous
14 limited scope of commit signing, and require an encryption key
15 appropriately. This matches the GnuPG defaults.
16
17 While at it, add a recommendation that the primary key is certify-only.
18 Other usage is implicitly discouraged anyway via requiring subkeys.
19 Originally this recommendation was omitted as I wasn't aware that gpg
20 had a (hidden) option to change usage of existing keys.
21
22 Closes: https://bugs.gentoo.org/681802
23 Signed-off-by: Michał Górny <mgorny <AT> gentoo.org>
24
25 glep-0063.rst | 43 +++++++++++++++++++++++++++++--------------
26 1 file changed, 29 insertions(+), 14 deletions(-)
27
28 diff --git a/glep-0063.rst b/glep-0063.rst
29 index aae7dc5..becbadd 100644
30 --- a/glep-0063.rst
31 +++ b/glep-0063.rst
32 @@ -7,10 +7,10 @@ Author: Robin H. Johnson <robbat2@g.o>,
33 Michał Górny <mgorny@g.o>
34 Type: Standards Track
35 Status: Final
36 -Version: 2
37 +Version: 2.1
38 Created: 2013-02-18
39 -Last-Modified: 2018-07-21
40 -Post-History: 2013-11-10, 2018-07-03, 2018-07-21
41 +Last-Modified: 2019-05-02
42 +Post-History: 2013-11-10, 2018-07-03, 2018-07-21, 2019-02-24
43 Content-Type: text/x-rst
44 ---
45
46 @@ -28,6 +28,13 @@ OpenPGP key management policies for the Gentoo Linux distribution.
47 Changes
48 =======
49
50 +v2.1
51 + A requirement for an encryption key has been added, in order to extend
52 + the GLEP beyond commit signing and into use of OpenPGP for dev-to-dev
53 + and user-to-dev communications.
54 +
55 + A recommendation for primary key to be certify-only has been added.
56 +
57 v2
58 The distinct minimal and recommended expirations have been replaced
59 by a single requirement. The rules have been simplified to use
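Review bot: The v2.1 changelog entry omits the scope change made further down in this patch, where the bare minimum requirements stop being limited to keys "used to commit to Gentoo" and every developer is required to have at least one conforming key. That is the change most likely to affect existing developers, so it deserves its own sentence in this entry. The entry also does not say whether keys that conformed to v2 but lack an encryption subkey get a transition period; state one here, or state that there is none.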
60 @@ -70,22 +77,28 @@ Linux development are sorely needed. This document provides both a set of
61 bare minimum requirements and a set of best practice recommendations for
62 the use of GnuPG (or other OpenPGP providers) by Gentoo Linux developers.
63 It is intended to provide a basis for future improvements such as, e.g.,
64 -consistent ebuild or package signing and verifying by end users.
65 +consistent ebuild or package signing and verification by end users,
66 +and providing secure and authenticated communication channel between users
67 +and developers.
68
69 Specifications for OpenPGP keys
70 ===============================
71
72 Bare minimum requirements
73 -------------------------
74 -This section specifies obligatory requirements for all OpenPGP keys used
75 -to commit to Gentoo. Keys that do not conform to those requirements can
76 -not be used to commit.
77 +This section specifies obligatory requirements for all OpenPGP keys that
78 +are used in the context of Gentoo developer actions. All developers
79 +are required to have at least one key conforming to those requirements.
80 +Keys that do not conform to them can not be used to commit.
81
82 1. SHA-2 series output digest (SHA-1 digests internally permitted),
83 at least 256-bit. All subkey self-signatures must use this digest.
84
85 -2. Signing subkey that is different from the primary key, and does not
86 - have any other capabilities enabled.
87 +2. a. Signing subkey that is different from the primary key, and does
88 + not have any other capabilities enabled.
89 +
90 + b. Encryption subkey that is different from the primary key, and does
91 + not have any other capabilities enabled.
92
93 3. Primary key and the signing subkey are both of type EITHER:
94
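Review bot: Item 3 in the trailing context still reads "Primary key and the signing subkey are both of type EITHER:", so the encryption subkey introduced in 2b has no algorithm or key-size requirement in the visible text. Extend item 3 to name the encryption subkey or add a matching item for it, otherwise any encryption subkey, however weak, would satisfy the bare minimum. Separately, the rewritten introduction requires "at least one key conforming to those requirements", but the only stated consequence is still "can not be used to commit"; say what applies to a non-conforming key used for the communication purpose this version adds. Minor: "providing secure and authenticated communication channel" is missing an article.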
95 @@ -110,15 +123,17 @@ The developers should follow those practices unless there is a strong
96 technical reason not to (e.g. hardware limitations, necessity of replacing
97 their primary key).
98
99 -1. Primary key and the signing subkey are both of type RSA, 2048 bits
100 +1. Primary key has only ``certify`` capability enabled.
101 +
102 +2. Primary key and the signing subkey are both of type RSA, 2048 bits
103 (OpenPGP v4 key format or later).
104
105 -2. Key expiration renewed annually to a fixed day of the year.
106 +3. Key expiration renewed annually to a fixed day of the year.
107
108 -3. Create a revocation certificate & store it hardcopy offsite securely
109 +4. Create a revocation certificate & store it hardcopy offsite securely
110 (it's about ~300 bytes).
111
112 -4. Encrypted backup of your secret keys.
113 +5. Encrypted backup of your secret keys.
114
115 Gentoo LDAP
116 ===========
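Review bot: New item 1 asks for a certify-only primary key, but the exception clause in the context above it still lists "necessity of replacing their primary key" as a strong technical reason, and nothing in the text says that the usage flags of an existing primary key can be changed in place, which the commit message gives as the reason the recommendation can be added now. A sentence or footnote saying so would keep developers from reading the recommendation as requiring a new primary key. Also, renumbered item 2 still names only the primary key and the signing subkey, which leaves the encryption subkey without a recommended type.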
117 @@ -193,7 +208,7 @@ References
118
119 Copyright
120 =========
121 -Copyright (c) 2013-2018 by Robin Hugh Johnson, Andreas K. Hüttel,
122 +Copyright (c) 2013-2019 by Robin Hugh Johnson, Andreas K. Hüttel,
123 Marissa Fischer, Michał Górny.
124
125 This work is licensed under the Creative Commons Attribution-ShareAlike 3.0