1 |
On Fri, 17 Jul 2015 08:36:25 -0400 |
2 |
Rich Freeman <rich0@g.o> wrote: |
3 |
|
4 |
> On Fri, Jul 17, 2015 at 12:42 AM, Brian Dolbec <dolsen@g.o> |
5 |
> wrote: |
6 |
> > |
7 |
> > I don't know tbh, most are already signed, with the git migration, |
8 |
> > the strongly recommended commit signing will become MANDATORY. |
9 |
> > |
10 |
> > So, we are at 50 devs with valid gpg keys now, with 200 more gpg |
11 |
> > keys listed in LDAP that fail to meet the new spec. PLEASE fix |
12 |
> > them or create new keys... |
13 |
> |
14 |
> How does somebody know whether their key meets the spec or not? I |
15 |
> looked at the gentoo-keys website and didn't see any simple way to |
16 |
> check. |
17 |
> |
18 |
> There was documentation on the gkeys utility for checking keys, but I |
19 |
> ran into a few issues with this. First, it can't be installed on a |
20 |
> stable system with mirrorselect. |
21 |
> |
22 |
> On a clean ~arch stage3 when trying to run "gkeys fetch-seed -C |
23 |
> gentoo-devs" it outputs: |
24 |
> Connector.connect_url(); Failed to retrieve the content from: |
25 |
> https://api.gentoo.org/gentoo-keys/seeds/gentoo-devs.seeds |
26 |
> Error was: Invalid header value 'Wed, 15 Jul 2015 17:50:17 GMT\n' |
27 |
> |
28 |
> |
29 |
> After removing the files in /var/lib/gentoo/gkeys/seeds the fetch |
30 |
> works. However, attempting to run "gkeys install-key -C gentoo-devs" |
31 |
> results in: |
32 |
> Found GKEY seeds: |
33 |
> Traceback (most recent call last): |
34 |
> File "/usr/lib/python-exec/python2.7/gkeys", line 50, in <module> |
35 |
> success = main() |
36 |
> File "/usr/lib64/python2.7/site-packages/gkeys/cli.py", line 63, in |
37 |
> __call__ return self.run(args) |
38 |
> File "/usr/lib64/python2.7/site-packages/gkeys/base.py", line 303, |
39 |
> in run success, results = func(args) |
40 |
> File "/usr/lib64/python2.7/site-packages/gkeys/actions.py", line |
41 |
> 264, in installkey |
42 |
> self.output(['', gkey], "\n Found GKEY seeds:") |
43 |
> File "/usr/lib64/python2.7/site-packages/gkeys/base.py", line 323, |
44 |
> in output_results |
45 |
> print("\n".join([x.pretty_print for x in msg])) |
46 |
> UnicodeEncodeError: 'ascii' codec can't encode character u'\u017b' in |
47 |
> position 1233: ordinal not in range(128) |
48 |
> |
49 |
> |
50 |
|
51 |
Yes, the ssl-fetch issue is fixed with ssl-fetch-0.3 and it is now |
52 |
stabilized. So that conflict is fixed. |
53 |
|
54 |
|
55 |
> It might not hurt to publish the list of keys that fail checks. If |
56 |
> that list is going to be used to block commits then obviously it needs |
57 |
> to be updated very frequently. I do not know if there are any plans |
58 |
> to block commits with signatures that do not conform to the GLEP. |
59 |
> |
60 |
|
61 |
Yeah, I was thinking of putting up a gkeys spec-check report, but we |
62 |
were (unsuccessfully) trying to get more wiki pages help done on how to |
63 |
fix those issues reported. Before we did such a report. Also I need |
64 |
to make another release, currently gkeys-9999 and gkeys-gen-999 is the |
65 |
best option with the most fixes, best functionality. Hopefully I'll |
66 |
get those release this weekend. |
67 |
|
68 |
-- |
69 |
Brian Dolbec <dolsen> |