Hi, everyone.

I'd like to announce that the experimental deployment of Gentoo
Authority Keys is now in place. If someone would like to give them
a try, the Wiki includes instructions for using them [1].

Authority Keys (as defined in GLEP 79 [2]) provide a simple, uniform way
of verifying OpenPGP keys belonging to Gentoo developers. Long story
short, Infra runs a service that signs developer keys with a single key.
You import, verify and trust the key, and you get @gentoo.org UIDs of
all active Gentoo devs verified as a result.

The primary purpose of developer keys is to provide a better
GnuPG-friendly infrastructure for secure communication with developers.
It can be used to verify signatures made by developers, and to encrypt
mail sent to them. In this regard, it can be used in place of LDAP
(available only to Gentoo devs) or gentoo-keys seed files (which require
manual updates, and use a custom file format).

Besides developer key signatures, Authority Keys also provide (manually
managed) signatures for other keys used by Infra. Therefore, they
provide an alternative to manually verifying key fingerprints against
the Gentoo website [3].

While technically right now the authenticity of Authority Keys can only
be verified against the website [3], I hope that users will start
signing them upon verifying, effectively making WoT-based verification
possible. Once that happens, we will be able to stop relying on PKI.

Currently, the Authority Keys and signed developer keys are available
only on the experimental Gentoo keyserver (hkps://keys.gentoo.org).
Once both mature a little bit, we should start syncing keys between
the Gentoo keyserver and SKS, effectively increasing availability of
this service.

[1]: https://wiki.gentoo.org/wiki/Project:Infrastructure/Authority_Keys
[2]: https://www.gentoo.org/glep/glep-0079.html
[3]: https://www.gentoo.org/downloads/signatures/

--
Best regards,
Michał Górny