On Thu, 2020-12-17 at 13:12 -0500, Mike Gilbert wrote: > Signed-off-by: Mike Gilbert <flop...@gentoo.org> > --- > > v2: Added "This upload is required in addition to uploading the SKS > pool." > > glep-0063.rst | 24 ++++++++++++++++++++---- > 1 file changed, 20 insertions(+), 4 deletions(-) > > diff --git a/glep-0063.rst b/glep-0063.rst > index 82541bd..ec465db 100644 > --- a/glep-0063.rst > +++ b/glep-0063.rst > @@ -7,10 +7,10 @@ Author: Robin H. Johnson <robb...@gentoo.org>, > Michał Górny <mgo...@gentoo.org> > Type: Standards Track > Status: Final > -Version: 2.1 > +Version: 2.2 > Created: 2013-02-18 > -Last-Modified: 2019-11-07 > -Post-History: 2013-11-10, 2018-07-03, 2018-07-21, 2019-02-24 > +Last-Modified: 2020-12-17 > +Post-History: 2013-11-10, 2018-07-03, 2018-07-21, 2019-02-24, 2020- > 12-17 > Content-Type: text/x-rst > --- > > @@ -28,6 +28,9 @@ OpenPGP key management policies for the Gentoo > Linux distribution. > Changes > ======= > > +v2.2 > + Added "Gentoo Keyserver" section under "Gentoo Infrastructure" > chapter. > + > v2.1 > A requirement for an encryption key has been added, in order to > extend > the GLEP beyond commit signing and into use of OpenPGP for dev-to- > dev > @@ -135,8 +138,11 @@ their primary key). > > 5. Encrypted backup of your secret keys. > > +Gentoo Infrstructure
T > +==================== > + > Gentoo LDAP > -=========== > +----------- > > All Gentoo developers must list the complete fingerprint for their > primary > keys in the "``gpgfingerprint``" LDAP field. It must be exactly 40 > hex digits, > @@ -147,6 +153,16 @@ of the fingerprint field. In any place that > presently displays > the "``gpgkey``" field, the last 16 hex digits of the fingerprint > should > be displayed instead. > > +Gentoo Keyserver > +---------------- > + > +Gentoo infrastructure uses a keyserver that is isolated from the SKS > pool. > +This keyserver is restricted to accepting uploads from authorized > Gentoo hosts. > +A script is provided on dev.gentoo.org to allow developers to upload > their > +keys. This upload is required in addition to uploading to the SKS > pool. > + > +``gpg --export KEYID | ssh dev.gentoo.org /usr/local/bin/openpgp- > key-upload`` > + > Backwards Compatibility > ======================= Thank you for doing this. That said, I'm wondering if we should keep SKS pool at all. Did anyone have any success interacting with it lately? All my attempts of fetching keys are resulting in server errors. -- Best regards, Michał Górny
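Review bot: In the v2.2 changelog entry (hunk @@ -28,6 +28,9 @@), only the new "Gentoo Keyserver" section is mentioned, but the patch also creates the "Gentoo Infrastructure" chapter and demotes "Gentoo LDAP" from a top-level section to a subsection of it. Suggest wording the entry to cover the restructuring, for example: Added "Gentoo Infrastructure" chapter, moved "Gentoo LDAP" under it, and added "Gentoo Keyserver" section.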
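Review bot: The new chapter title in hunk @@ -135,8 +138,11 @@ is misspelled: "+Gentoo Infrstructure" should read "Gentoo Infrastructure", which is the name the v2.2 changelog entry already uses. The "=" underline is sized to the misspelled title, so extend it by one character when correcting the title; otherwise docutils will warn that the title underline is too short.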
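Review bot: In the "Gentoo Keyserver" section (hunk @@ -147,6 +153,16 @@), the example command uses the placeholder KEYID without saying which identifier form is expected, while the "Gentoo LDAP" text directly above requires the complete 40-hex-digit fingerprint. Suggest using the full fingerprint as the placeholder so the exported key is unambiguous, e.g. "gpg --export FINGERPRINT | ssh dev.gentoo.org /usr/local/bin/openpgp-key-upload". The section also gives the reader no way to confirm that the upload was accepted; a sentence on what the script reports, or how to query the keyserver afterwards, would close that gap.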