Date: Fri, 29 Nov 2024 18:31:36 +0000
From: "Robin H. Johnson"
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] [PATCH v2 1/2] sec-keys.eclass: new eclass

On Thu, Nov 28, 2024 at 10:36:36AM -0500, Eli Schwartz wrote:
> This doesn't test a useful property.
>
> People cannot "remove" compromised keys from a keyserver to begin with.
> If they did, then checking to build the package with GENTOO_MIRRORS=
> DISTDIR=$(mktemp -d) is a significantly more useful test.

From a technical perspective, that depends on the keyserver design.

But the canonical "why" is GDPR Article 17 - right-to-erasure.

Hockeypuck even ships a script to make it easy for admins to delete keys:
https://github.com/hockeypuck/hockeypuck/blob/5cc0fffe46f44986cbf78a554ab482e3baaa5143/contrib/docker-compose/standalone/README.md?plain=1#L177-L190

There is another more obvious reason why a key might vanish from a
keyserver: ephemeral & eventually consistent state

The SKS server implementation is sufficiently unreliable** for
keys.gentoo.org that one node occasionally corrupts its database, and I
have a script that rebuilds it. If a key is uploaded to a node, and NOT
yet propagated to other nodes before the corruption event, this could
lead to the appearance of a key being removed.

The SKS network, when it still ran, also provided an eventually
consistent behaviour, such that a series of rapid queries to the DNS
rotation might not always return the same data for a given key if
changes to that key were in flight.

** Yes, one of the gentoo nodes is running Hockeypuck now, and I hope to
replace all of SKS with Hockeypuck in future, but it's not quite the
same yet.

-- 
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer
E-Mail   : robbat2@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136
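
Added example, not part of the message above and not SKS or Hockeypuck code: a toy model of the two effects the message describes, an upload that is still in flight across a DNS rotation and an upload lost when the receiving node is rebuilt from a peer. The `Pool` class, the node names and the fingerprint are assumptions constructed for illustration.

```python
# Toy keyserver pool model (constructed; not SKS or Hockeypuck code).
from itertools import cycle

SAMPLE_FPR = "CONSTRUCTED-SAMPLE-FINGERPRINT"  # made-up sample value
NODES = ["node-a", "node-b", "node-c"]         # made-up node names

class Pool:
    def __init__(self, names):
        self.keys = {name: set() for name in names}  # per-node key database
        self._rotation = cycle(names)                # stands in for DNS round-robin

    def upload(self, node, fpr):
        self.keys[node].add(fpr)

    def reconcile(self):
        # Full gossip round: every node ends with the union of all databases.
        union = set().union(*self.keys.values())
        self.keys = {node: set(union) for node in self.keys}

    def rebuild(self, node, donor):
        # Corrupted node rebuilt from a peer; un-propagated uploads are lost.
        self.keys[node] = set(self.keys[donor])

    def lookup(self, fpr):
        # One query via the rotation; the answer depends on which node is hit.
        return fpr in self.keys[next(self._rotation)]

    def status(self, fpr):
        # Ask every node instead of trusting a single answer.
        hits = sum(fpr in db for db in self.keys.values())
        if hits == len(self.keys):
            return "present"
        return "divergent" if hits else "absent-everywhere"

def in_flight():
    """Upload not yet propagated: rapid queries through the rotation disagree."""
    pool = Pool(NODES)
    pool.upload("node-a", SAMPLE_FPR)
    answers = [pool.lookup(SAMPLE_FPR) for _ in NODES]
    before = pool.status(SAMPLE_FPR)
    pool.reconcile()
    return answers, before, pool.status(SAMPLE_FPR)

def lost_by_rebuild():
    """Receiving node rebuilt before propagation: key gone, nobody removed it."""
    pool = Pool(NODES)
    pool.upload("node-a", SAMPLE_FPR)
    pool.rebuild("node-a", donor="node-b")
    pool.reconcile()
    return pool.status(SAMPLE_FPR)
```

`in_flight()` returns `([True, False, False], "divergent", "present")` and `lost_by_rebuild()` returns `"absent-everywhere"`, so a single failed lookup cannot distinguish propagation lag or a rebuilt node from a deliberate removal.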