| 1 |
On Tue, 4 Mar 2014 10:02:16 -0500 |
| 2 |
Rich Freeman <rich0@g.o> wrote: |
| 3 |
|
| 4 |
> |
| 5 |
> Certainly an exhaustive set of instructions on using gpg is too much, |
| 6 |
> but can we at least get: |
| 7 |
> 1. A list of steps that can be followed to generate a key that is |
| 8 |
> useful and compliant with the policy. |
| 9 |
|
| 10 |
In gentoo-keys, it will relatively easy to generate a new key and one |
| 11 |
subkey using a template [1]. From the pyGPG lib I created and |
| 12 |
gentoo-keys wraps, adding more subkeys and other editing is currently |
| 13 |
not possible and would require using app-crypt/gpgme. It's companion |
| 14 |
pkg, dev-python/pygpgme is not complete, much of the data available was |
| 15 |
not provided. It is why I created dev-python/pyGPG in the first place. |
| 16 |
|
| 17 |
I have already tested creating a key and one subkey. So with an |
| 18 |
approved gpg key spec. Basic keys can be easily created. Adding |
| 19 |
additional email addresses and additional subkeys is currently not |
| 20 |
possible using gpg's template (batch) system or cli non-interactively. |
| 21 |
Currently gpg requires editing be done interactively. I will look |
| 22 |
into what it might take to use gpgme directly for the additional |
| 23 |
functionality needed if pygpgme does not provide it. |
| 24 |
|
| 25 |
|
| 26 |
> 2. A command that can be supplied with a key ID and tell you if the |
| 27 |
> key complies or not. |
| 28 |
> |
| 29 |
|
| 30 |
|
| 31 |
Should be doable with gentoo-keys. I have a team now, they are |
| 32 |
getting familiar with the code I've done so far. So, I will get |
| 33 |
someone on the task. We just need an approved spec to test against. |
| 34 |
|
| 35 |
|
| 36 |
3) Add necessary lib functions and a cron job to check and remind of |
| 37 |
soon to expire keys. <== already planned |
| 38 |
|
| 39 |
|
| 40 |
> Right now we just have a bunch of pointers to various websites and a |
| 41 |
> set of guidelines, and devs are basically expected to figure it out. |
| 42 |
> I think the result of this is going to be a lot of back-and-forth |
| 43 |
> trying to get everybody to fix their keys, with new issues cropping up |
| 44 |
> all the time. |
| 45 |
> |
| 46 |
> Rich |
| 47 |
> |
| 48 |
|
| 49 |
We have: |
| 50 |
|
| 51 |
irc: #gentoo-keys |
| 52 |
mail list: gentoo-keys@l.g.o |
| 53 |
mail alias: gkeys@ |
| 54 |
bugzie: Gentoo hosted project: gentoo-keys |
| 55 |
|
| 56 |
So, feel free to stop by irc, or mail to the list anything you feel we |
| 57 |
need to do, etc.. I have opened a number of bugs for my new team to |
| 58 |
work on [2]. It is by no means complete. But feel free to add more |
| 59 |
that council thinks are needed. |
| 60 |
|
| 61 |
|
| 62 |
[1] https://bugs.gentoo.org/show_bug.cgi?id=502052 |
| 63 |
[2] https://bugs.gentoo.org/buglist.cgi?quicksearch=gentoo-keys&list_id=2253966 |
| 64 |
|
| 65 |
-- |
| 66 |
Brian Dolbec <dolsen> |
Archives