On Thu, Dec 17, 2020 at 1:12 PM Mike Gilbert <flop...@gentoo.org> wrote: > > Signed-off-by: Mike Gilbert <flop...@gentoo.org> > --- > > v2: Added "This upload is required in addition to uploading the SKS pool." > > glep-0063.rst | 24 ++++++++++++++++++++---- > 1 file changed, 20 insertions(+), 4 deletions(-) > > diff --git a/glep-0063.rst b/glep-0063.rst > index 82541bd..ec465db 100644 > --- a/glep-0063.rst > +++ b/glep-0063.rst > @@ -7,10 +7,10 @@ Author: Robin H. Johnson <robb...@gentoo.org>, > Michał Górny <mgo...@gentoo.org> > Type: Standards Track > Status: Final > -Version: 2.1 > +Version: 2.2 > Created: 2013-02-18 > -Last-Modified: 2019-11-07 > -Post-History: 2013-11-10, 2018-07-03, 2018-07-21, 2019-02-24 > +Last-Modified: 2020-12-17 > +Post-History: 2013-11-10, 2018-07-03, 2018-07-21, 2019-02-24, 2020-12-17 > Content-Type: text/x-rst > --- > > @@ -28,6 +28,9 @@ OpenPGP key management policies for the Gentoo Linux > distribution. > Changes > ======= > > +v2.2 > + Added "Gentoo Keyserver" section under "Gentoo Infrastructure" chapter. > + > v2.1 > A requirement for an encryption key has been added, in order to extend > the GLEP beyond commit signing and into use of OpenPGP for dev-to-dev > @@ -135,8 +138,11 @@ their primary key). > > 5. Encrypted backup of your secret keys. > > +Gentoo Infrstructure
Typo. > +==================== > + > Gentoo LDAP > -=========== > +----------- > > All Gentoo developers must list the complete fingerprint for their primary > keys in the "``gpgfingerprint``" LDAP field. It must be exactly 40 hex > digits, > @@ -147,6 +153,16 @@ of the fingerprint field. In any place that presently > displays > the "``gpgkey``" field, the last 16 hex digits of the fingerprint should > be displayed instead. > > +Gentoo Keyserver > +---------------- > + > +Gentoo infrastructure uses a keyserver that is isolated from the SKS pool. > +This keyserver is restricted to accepting uploads from authorized Gentoo > hosts. > +A script is provided on dev.gentoo.org to allow developers to upload their > +keys. This upload is required in addition to uploading to the SKS pool. > + > +``gpg --export KEYID | ssh dev.gentoo.org /usr/local/bin/openpgp-key-upload`` > + > Backwards Compatibility > ======================= > > -- > 2.30.0.rc0 > > The rest LGTM. Thanks, Davide
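Review bot: In the hunk at `@@ -135,8 +138,11 @@`, the new chapter title "Gentoo Infrstructure" is misspelled, and the `=` underline below it appears sized to the misspelled title. Once the title is corrected to "Gentoo Infrastructure" (21 characters), the underline needs to be at least that long, otherwise docutils warns about a too-short title underline. Please fix both lines together.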
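Review bot: In the "Gentoo Keyserver" hunk (`@@ -147,6 +153,16 @@`), the example command takes `KEYID`, while the "Gentoo LDAP" section just above it requires the complete 40-hex-digit fingerprint. A key ID can match more than one key in a local keyring, so `gpg --export KEYID` may send a key other than the intended one. Suggest writing the example as `gpg --export FINGERPRINT | ssh dev.gentoo.org /usr/local/bin/openpgp-key-upload` and saying that the full primary-key fingerprint is expected. The section also states that the upload is required but not when it has to be repeated (for instance after a key is updated); one sentence on that would make the requirement checkable.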