Gentoo Archives: gentoo-dev

From: Pavlos Ratis <dastergon@g.o>
To: gentoo-dev-announce@l.g.o, gentoo-dev@l.g.o
Subject: [gentoo-dev] First release of Gentoo Keys
Date: Sun, 11 Jan 2015 13:05:11
Message-Id: CAOgmxWzhtJ=dnEdPeuLFvPODmbjOAWHO=wu8=e5SdO6NQ-BO2w@mail.gmail.com
1 Hello all,
2
3 We're very pleased to announce the first official release of the Gentoo Keys
4 toolkit.
5
6 What is the Gentoo Keys project?
7 =========================
8 Gentoo Keys is a Python based project that aims to manage the OpenPGP keys
9 used for validation on users and Gentoo's infrastructure servers. It is
10 a toolkit that helps the community establish the trust between the users and
11 developers.
12
13 Gentoo Keys can verify OpenPGP keys used for Gentoo's release media,
14 packages and other OpenPGP signed documents, i.e LiveDVDs, LiveCD's ,
15 stage* releases, Gentoo tree ebuild commits, layman repositories list.
16
17 Gentoo Keys project consists of three tools:
18 * gkeys
19 * gkeys-gen
20 * gkeys-ldap.
21
22 Tools
23 ====
24 gkeys-ldap
25 ----------------
26 Is the tool that is going to be used internally in Gentoo infrastructure.
27 It performs LDAP look-ups to all the developers and generates the so
28 called seed files[1].
29
30 gkeys
31 ---------
32 Is the major tool that manages the seed files and the keyrings[2] of the
33 developers. This tool is also going to be used for file signing and
34 verification. In addition it can generate binary keyrings based on selected
35 keys which then can be signed and distributed to the user base.
36
37 gkeys-gen
38 --------------
39 Is the tool that generates OpenPGP keys based on the recommended
40 specifications of the Gentoo council approved GLEP 63[3].
41
42 We have written an extensive guide on how to generate a GLEP 63 based
43 OpenPGP key:
44 https://wiki.gentoo.org/wiki/Project:Gentoo-keys/Generating_GLEP_63_based_OpenPGP_keys
45
46 Glossary
47 =======
48 [1] Seed files: A JSON file that contains the trusted users with their keys.
49 [2] Keyrings: A collection of trusted OpenPGP keys.
50 [3] GLEP 63: https://wiki.gentoo.org/wiki/GLEP:63
51
52 Automated Checks
53 ===============
54 As of today, we insist all the Gentoo Developers to start creating GLEP
55 63 based OpenPGP keys.
56 In the following months we are going to start running a suite of
57 automated checks in all the developers OpenPGP keys.
58
59 Some of the checks are for:
60 * Invalid keys
61 * Expired keys
62 * Revoked keys
63 * GLEP63 requirements for keys
64
65 It is also worth mentioning that the following tools can be used from
66 users too. The Gentoo Keys project also aims to extend the usability of
67 the toolkit to the overlays so everyone can manage their own web of trust
68 and support signed files.
69
70 Installation
71 ========
72 gkeys
73 --------
74 emerge app-crypt/gkeys
75
76 Note: app-crypt/gentoo-keys package contains the Gentoo release
77 keyrings and it is auto-fetched by app-crypt/gkeys package.
78
79 gkeys-gen
80 ---------------
81 emerge app-crypt/gkeys-gen
82
83 Feedback
84 =======
85 For comments and suggestions feel free to contact us
86 in <gkeys AT gentoo DOT org> or join the #gentoo-keys IRC channel on Freenode.
87
88 Patches are always welcome!
89
90 Official project page: https://wiki.gentoo.org/wiki/Project:Gentoo-keys
91 Source code: https://github.com/gentoo/gentoo-keys
92
93 On behalf of the Gentoo Keys team,
94 Pavlos Ratis

Replies

Subject Author
Re: [gentoo-dev] First release of Gentoo Keys Brian Dolbec <dolsen@g.o>