Gentoo Archives: gentoo-commits

From: "Robin H. Johnson (robbat2)" <robbat2@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/proj/en/releng: index.xml
Date: Tue, 01 Sep 2009 22:26:43
Message-Id: E1Migd4-0004tI-5M@stork.gentoo.org
1 robbat2 09/09/02 03:35:26
2
3 Modified: index.xml
4 Log:
5 Document releng usage of PGP keys.
6
7 Revision Changes Path
8 1.118 xml/htdocs/proj/en/releng/index.xml
9
10 file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/releng/index.xml?rev=1.118&view=markup
11 plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/releng/index.xml?rev=1.118&content-type=text/plain
12 diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/releng/index.xml?r1=1.117&r2=1.118
13
14 Index: index.xml
15 ===================================================================
16 RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/releng/index.xml,v
17 retrieving revision 1.117
18 retrieving revision 1.118
19 diff -p -w -b -B -u -u -r1.117 -r1.118
20 --- index.xml 24 Sep 2008 17:47:21 -0000 1.117
21 +++ index.xml 2 Sep 2009 03:35:25 -0000 1.118
22 @@ -68,6 +68,83 @@ machines page</uri>.
23 </extraproject>
24
25 <extrachapter>
26 +<title>Release security &amp; signing</title>
27 +<section>
28 +<body>
29 +<p>
30 +All release media will have its DIGESTS file signed by one of the <c>Gentoo Linux
31 +Release Engineering (releng@g.o)</c> PGP keys listed on this page.
32 +The keys are available through the <c>subkeys.pgp.net</c> keyserver. They can
33 +be used to verify that the media is, in fact, the media shipped by Release
34 +Engineering and not from a potential attacker. You will find more detailed
35 +verification instructions in the handbooks for each release.
36 +</p>
37 +
38 +<p>
39 +New keys and changes to existing keys will be announced to the following
40 +Gentoo mailing lists: gentoo-dev-announce, gentoo-announce, gentoo-core.
41 +</p>
42 +
43 +<note>
44 +Releases up to and including 2007.0 had PGP signatures directly on top of the
45 +files. This required large quantities of disk IO for generation on the servers,
46 +and validation on the client side. As such, as of the 2008.0 release, the
47 +DIGESTS file is now signed instead, making verification a two-step process, but
48 +overall much quicker.
49 +</note>
50 +
51 +<pre caption="Obtaining the public key">
52 +$ <i>gpg --keyserver subkeys.pgp.net --recv-keys &lt;key id&gt;</i>
53 +</pre>
54 +
55 +<pre caption="Verify the cryptographic signature">
56 +$ <i>gpg --verify &lt;foo.DIGESTS.asc&gt; &lt;foo.DIGESTS&gt;</i>
57 +</pre>
58 +
59 +<pre caption="Verify the checksum">
60 +$ <i>sha1sum -c &lt;foo.DIGESTS&gt;</i>
61 +</pre>
62 +
63 +<table>
64 +<tr>
65 +<th>Key ID</th>
66 +<th>Key Type</th>
67 +<th>Key Fingerprint</th>
68 +<th>Key Description</th>
69 +<th>Notes</th>
70 +</tr>
71 +
72 +<tr>
73 +<ti>0x239C75C4</ti>
74 +<ti>1024-bit DSA</ti>
75 +<ti>AE54 54F9 67B5 6AB0 9AE1 6064 0838 C26E 239C 75C4</ti>
76 +<ti>Gentoo Portage Snapshot Signing Key (Automated Signing Key)</ti>
77 +<ti>Used for daily Portage snapshots.</ti>
78 +</tr>
79 +
80 +<tr>
81 +<ti>0x17072058</ti>
82 +<ti>1024-bit DSA</ti>
83 +<ti>D99E AC73 79A8 50BC E47D A5F2 9E64 38C8 1707 2058</ti>
84 +<ti>Gentoo Linux Release Engineering (Gentoo Linux Release Signing Key)</ti>
85 +<ti>Used for releases 2004.2-2008.0</ti>
86 +</tr>
87 +
88 +<tr>
89 +<ti>0x2D182910</ti>
90 +<ti>4096-bit RSA</ti>
91 +<ti>13EB BDBE DE7A 1277 5DFD B1BA BB57 2E0E 2D18 2910</ti>
92 +<ti>Gentoo Linux Release Engineering (Automated Weekly Release Key)</ti>
93 +<ti>Used for automated weekly releases.</ti>
94 +</tr>
95 +
96 +</table>
97 +
98 +</body>
99 +</section>
100 +</extrachapter>
101 +
102 +<extrachapter>
103 <title>Latest release</title>
104
105 <section>
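Review bot: The three <pre> steps never ask the reader to compare the imported key against the Key Fingerprint column. "Obtaining the public key" fetches by <key id>, and the table's Key ID column gives only 32-bit short IDs (for example 0x2D182910), which can collide on a public keyserver. Suggest adding a step between the fetch and the verify, such as `gpg --fingerprint <key id>`, with a sentence telling the reader to match the output against the table; alternatively, pass the full fingerprint to --recv-keys. The text should also state that `sha1sum -c <foo.DIGESTS>` is only meaningful after `gpg --verify` has reported a good signature from one of the listed keys. The <note> calls verification a two-step process, but the blocks do not spell out that dependency.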