| 1 |
Following the recent mailing list discussion indicating that developers |
| 2 |
are taking GLEP 63 as only source of truth about OpenPGP keys, and can |
| 3 |
make assumption that if encryption key is not listed there they should |
| 4 |
not have one. Amend the specification to extend it beyond the previous |
| 5 |
limited scope of commit signing, and require an encryption key |
| 6 |
appropriately. This matches the GnuPG defaults. |
| 7 |
|
| 8 |
While at it, add a recommendation that the primary key is certify-only. |
| 9 |
Other usage is implicitly discouraged anyway via requiring subkeys. |
| 10 |
Originally this recommendation was omitted as I wasn't aware that gpg |
| 11 |
had a (hidden) option to change usage of existing keys. |
| 12 |
--- |
| 13 |
glep-0063.rst | 43 +++++++++++++++++++++++++++++-------------- |
| 14 |
1 file changed, 29 insertions(+), 14 deletions(-) |
| 15 |
|
| 16 |
diff --git a/glep-0063.rst b/glep-0063.rst |
| 17 |
index 64fb437..b4bbe62 100644 |
| 18 |
--- a/glep-0063.rst |
| 19 |
+++ b/glep-0063.rst |
| 20 |
@@ -7,10 +7,10 @@ Author: Robin H. Johnson <robbat2@g.o>, |
| 21 |
Michał Górny <mgorny@g.o> |
| 22 |
Type: Standards Track |
| 23 |
Status: Final |
| 24 |
-Version: 2 |
| 25 |
+Version: 2.1 |
| 26 |
Created: 2013-02-18 |
| 27 |
-Last-Modified: 2018-07-21 |
| 28 |
-Post-History: 2013-11-10, 2018-07-03, 2018-07-21 |
| 29 |
+Last-Modified: 2019-02-24 |
| 30 |
+Post-History: 2013-11-10, 2018-07-03, 2018-07-21, 2019-02-24 |
| 31 |
Content-Type: text/x-rst |
| 32 |
--- |
| 33 |
|
| 34 |
@@ -28,6 +28,13 @@ OpenPGP key management policies for the Gentoo Linux distribution. |
| 35 |
Changes |
| 36 |
======= |
| 37 |
|
| 38 |
+v2.1 |
| 39 |
+ A requirement for an encryption key has been added, in order to extend |
| 40 |
+ the GLEP beyond commit signing and into use of OpenPGP for dev-to-dev |
| 41 |
+ and user-to-dev communications. |
| 42 |
+ |
| 43 |
+ A recommendation for primary key to be certify-only has been added. |
| 44 |
+ |
| 45 |
v2 |
| 46 |
The distinct minimal and recommended expirations have been replaced |
| 47 |
by a single requirement. The rules have been simplified to use |
| 48 |
@@ -70,22 +77,28 @@ Linux development are sorely needed. This document provides both a set of |
| 49 |
bare minimum requirements and a set of best practice recommendations for |
| 50 |
the use of GnuPG (or other OpenPGP providers) by Gentoo Linux developers. |
| 51 |
It is intended to provide a basis for future improvements such as, e.g., |
| 52 |
-consistent ebuild or package signing and verifying by end users. |
| 53 |
+consistent ebuild or package signing and verification by end users, |
| 54 |
+and providing secure and authenticated communication channel between users |
| 55 |
+and developers. |
| 56 |
|
| 57 |
Specifications for OpenPGP keys |
| 58 |
=============================== |
| 59 |
|
| 60 |
Bare minimum requirements |
| 61 |
------------------------- |
| 62 |
-This section specifies obligatory requirements for all OpenPGP keys used |
| 63 |
-to commit to Gentoo. Keys that do not conform to those requirements can |
| 64 |
-not be used to commit. |
| 65 |
+This section specifies obligatory requirements for all OpenPGP keys that |
| 66 |
+are used in the context of Gentoo developer actions. All developers |
| 67 |
+are required to have at least one key conforming to those requirements. |
| 68 |
+Keys that do not conform to them can not be used to commit. |
| 69 |
|
| 70 |
1. SHA-2 series output digest (SHA-1 digests internally permitted), |
| 71 |
at least 256-bit. All subkey self-signatures must use this digest. |
| 72 |
|
| 73 |
-2. Signing subkey that is different from the primary key, and does not |
| 74 |
- have any other capabilities enabled. |
| 75 |
+2. a. Signing subkey that is different from the primary key, and does |
| 76 |
+ not have any other capabilities enabled. |
| 77 |
+ |
| 78 |
+ b. Encryption subkey that is different from the primary key, and does |
| 79 |
+ not have any other capabilities enabled. |
| 80 |
|
| 81 |
3. Primary key and the signing subkey are both of type EITHER: |
| 82 |
|
| 83 |
@@ -110,15 +123,17 @@ The developers should follow those practices unless there is a strong |
| 84 |
technical reason not to (e.g. hardware limitations, necessity of replacing |
| 85 |
their primary key). |
| 86 |
|
| 87 |
-1. Primary key and the signing subkey are both of type RSA, 2048 bits |
| 88 |
+1. Primary key has only ``certify`` capability enabled. |
| 89 |
+ |
| 90 |
+2. Primary key and the signing subkey are both of type RSA, 2048 bits |
| 91 |
(OpenPGP v4 key format or later). |
| 92 |
|
| 93 |
-2. Key expiration renewed annually to a fixed day of the year. |
| 94 |
+3. Key expiration renewed annually to a fixed day of the year. |
| 95 |
|
| 96 |
-3. Create a revocation certificate & store it hardcopy offsite securely |
| 97 |
+4. Create a revocation certificate & store it hardcopy offsite securely |
| 98 |
(it's about ~300 bytes). |
| 99 |
|
| 100 |
-4. Encrypted backup of your secret keys. |
| 101 |
+5. Encrypted backup of your secret keys. |
| 102 |
|
| 103 |
Gentoo LDAP |
| 104 |
=========== |
| 105 |
@@ -193,7 +208,7 @@ References |
| 106 |
|
| 107 |
Copyright |
| 108 |
========= |
| 109 |
-Copyright (c) 2013-2018 by Robin Hugh Johnson, Andreas K. Hüttel, |
| 110 |
+Copyright (c) 2013-2019 by Robin Hugh Johnson, Andreas K. Hüttel, |
| 111 |
Marissa Fischer, Michał Górny. |
| 112 |
|
| 113 |
This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 |
| 114 |
-- |
| 115 |
2.21.0.rc2 |
Archives