On Tue, 4 Mar 2014 10:02:16 -0500
Rich Freeman <rich0@g.o> wrote:

>
> Certainly an exhaustive set of instructions on using gpg is too much,
> but can we at least get:
> 1. A list of steps that can be followed to generate a key that is
> useful and compliant with the policy.

In gentoo-keys, it will be relatively easy to generate a new key and one
subkey using a template [1]. From the pyGPG lib I created and
gentoo-keys wraps, adding more subkeys and other editing is currently
not possible and would require using app-crypt/gpgme. Its companion
pkg, dev-python/pygpgme, is not complete; much of the data available was
not provided. It is why I created dev-python/pyGPG in the first place.

I have already tested creating a key and one subkey. So with an
approved gpg key spec, basic keys can be easily created. Adding
additional email addresses and additional subkeys is currently not
possible using gpg's template (batch) system or cli non-interactively.
Currently gpg requires editing be done interactively. I will look
into what it might take to use gpgme directly for the additional
functionality needed if pygpgme does not provide it.

> 2. A command that can be supplied with a key ID and tell you if the
> key complies or not.
>

Should be doable with gentoo-keys. I have a team now, they are
getting familiar with the code I've done so far. So, I will get
someone on the task. We just need an approved spec to test against.

3) Add necessary lib functions and a cron job to check and remind of
soon to expire keys. <== already planned

> Right now we just have a bunch of pointers to various websites and a
> set of guidelines, and devs are basically expected to figure it out.
> I think the result of this is going to be a lot of back-and-forth
> trying to get everybody to fix their keys, with new issues cropping up
> all the time.
>
> Rich
>

We have:

irc: #gentoo-keys
mail list: gentoo-keys@l.g.o
mail alias: gkeys@
bugzie: Gentoo hosted project: gentoo-keys

So, feel free to stop by irc, or mail to the list anything you feel we
need to do, etc. I have opened a number of bugs for my new team to
work on [2]. It is by no means complete. But feel free to add more
that council thinks are needed.

[1] https://bugs.gentoo.org/show_bug.cgi?id=502052
[2] https://bugs.gentoo.org/buglist.cgi?quicksearch=gentoo-keys&list_id=2253966

--
Brian Dolbec <dolsen>
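
The expiry reminder planned in item 3, sketched as an added example (it is not code from gentoo-keys or pyGPG): it reads a `gpg --with-colons` key listing, where field 7 of each `pub`/`sub` record holds the expiration time, and reports keys that have expired or will expire soon. The sample listing, its key IDs, the function names and the 30-day warning window are constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed sample of `gpg --with-colons --list-keys` output; key IDs are made up.
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1393891200:1425427200::u:::scESC:
uid:u::::1393891200::0000000000000000000000000000000000000000::Example Dev <dev@example.org>:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1393891200:1396483200:::::s:
sub:u:4096:1:CCCCCCCCCCCCCCCC:1393891200::::::e:
"""


def parse_ts(field):
    """Colon-format timestamp -> aware UTC datetime, or None if the field is empty."""
    if not field:
        return None
    if "T" in field:  # ISO 8601 form, e.g. 19660205T091500
        return datetime.strptime(field, "%Y%m%dT%H%M%S").replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(field), tz=timezone.utc)  # seconds since epoch


def expiry_report(colon_output, now, warn_days=30):
    """Return (record, keyid, status, days_left) for expired or soon-to-expire keys."""
    findings = []
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 7:
            continue  # only primary keys and subkeys carry the expiry we check
        expires = parse_ts(f[6])  # field 7: expiration date
        if expires is None:
            continue  # empty field 7: the key never expires, nothing to remind about
        days_left = (expires - now).days
        if expires <= now:
            status = "expired"
        elif days_left <= warn_days:
            status = "expiring"
        else:
            continue
        findings.append((f[0], f[4], status, days_left))  # field 5: key ID
    return findings


if __name__ == "__main__":
    # Fixed "now" so the constructed sample gives a stable result.
    now = datetime(2014, 3, 20, tzinfo=timezone.utc)
    for rec, keyid, status, days in expiry_report(SAMPLE, now):
        print(f"{rec} {keyid}: {status} ({days} days)")
```

A cron job would feed it live output from `gpg --with-colons --list-keys` and `datetime.now(timezone.utc)` instead of the fixed sample and date.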