Document our new OpenPGP keys and management policy.

f5b4bbab · amnesia · fe261689 · f5b4bbab · f5b4bbab · f5b4bbab
Commit f5b4bbab authored Oct 07, 2010 by amnesia
--- a/config/amnesia
+++ b/config/amnesia
@@ -167,7 +167,7 @@ AMNESIA_FULL_VERSION="${AMNESIA_VERSION} - ${AMNESIA_TODAY}"
 # Developpers' data used by git-dch, debcommit and friends in the release script
 AMNESIA_DEV_FULLNAME="amnesia"
 AMNESIA_DEV_EMAIL="amnesia@boum.org"
-AMNESIA_DEV_KEYID="F93E735F"
+AMNESIA_DEV_KEYID="BE2CD9C1"

 # Supported languages (displayed in this order by the syslinux menu)
 AMNESIA_SUPPORTED_LANGUAGES="ar zh de en fr it pt es"
--- a/wiki/src/GnuPG_key.mdwn
+++ b/wiki/src/GnuPG_key.mdwn
+T(A)ILS developers maintain several OpenPGP key pairs.
+
+[[!toc levels=2]]
+
+Mailing-list key
+================
+
+Purpose
+-------
+
+### Encryption
+
+This key has an encryption subkey. Please use it to encrypt email sent
+to the core developers encrypted mailing-list: <amnesia@boum.org>.
+
+### Signature
+
+This key also has the capability to sign and certify. Until T(A)ILS
+0.5 and 0.6~rc3, released images were signed by this key. This purpose
+is now deprecated: further releases will be signed by a dedicated,
+safer signing key. As of 2010 October 7th, our mailing-list key
+signature only means our mailing-list software checked the signed
+content was originally OpenPGP-signed by a T(A)ILS core developer.
+
+Policy
+------
+
+The secret key material and its passphrase are stored on the server
+that runs our encrypted mailing-list software and on systems managed
+by core T(A)ILS developers.
+
+This means people other than T(A)ILS developers are in a position to
+use this secret key. T(A)ILS developers trust these people enough to
+rely on them for running our encrypted mailing-list, but still: this
+key pair is managed in a less safe way than our signing key.
+
+Key details
+-----------
+
 	pub   4096R/F93E735F 2009-08-14 [expires: 2014-08-13]
 	      Key fingerprint = 09F6 BC8F EEC9 D8EE 005D  BAA4 1D29 75ED F93E 735F
 	uid                  Amnesia <amnesia@boum.org>
+	uid                  T(A)ILS developers (Schleuder mailing-list) <amnesia@boum.org>
 	sub   4096R/E89382EB 2009-08-14 [expires: 2014-08-13]

-To receive our GnuPG public key, you can either
-[download it from this website](https://amnesia.boum.org/amnesia.asc),
-fetch it from your favourite keyserver, or send an email to
-<amnesia@boum.org> with "send key!" as the subject:
+How to get the public key?
+--------------------------
+
+There are multiple ways to get this OpenPGP public key:
+
+- [download it from this website](https://amnesia.boum.org/amnesia.asc)
+- fetch it from your favourite keyserver
+- send an email to <amnesia-sendkey@boum.org>.
+
+Signing key
+===========
+
+Purpose
+-------
+
+This key only has the capability to sign and certify: it has no
+encryption subkey.
+
+Its only purpose is:
+
+- to sign T(A)ILS released images (starting with 0.6)
+- to certify other cryptographic public keys needed for T(A)ILS
+  development.
+
+Policy
+------
+
+The secret key material will never be stored on an online server or on
+systems managed by anyone else than T(A)ILS core developers.
+
+Key details
+-----------
+
+	pub   4096R/BE2CD9C1 2010-10-07 [expires: 2012-10-06]
+	      Key fingerprint = 0D24 B36A A9A2 A651 7878  7645 1202 821C BE2C D9C1
+	uid                  T(A)ILS developers (signing key) <amnesia@boum.org>
+
+
+How to get the public key?
+--------------------------

-	Subject: send key!
+There are multiple ways to get this OpenPGP public key:

-The body of that email must be left blank.
+- [download it from this website](https://amnesia.boum.org/amnesia.asc)
+- fetch it from your favourite keyserver.
--- a/wiki/src/contribute/release_process.mdwn
+++ b/wiki/src/contribute/release_process.mdwn
@@ -71,7 +71,7 @@ Second, copy the built images to these brand new directories.
 Third, generate detached GnuPG signatures for every published image,
 in the same directory as the image; e.g.

-	gpg --armor --default-key F93E735F --detach-sign *.iso
+	gpg --armor --default-key BE2CD9C1 --detach-sign *.iso

 Fourth, create a `.torrent` file for every directory to be published:

@@ -91,7 +91,7 @@ Sixth, generate the SHA-256 hash of every generated `.torrent` file:
 Seventh, generate detached GnuPG signatures for every published
 `.torrent` file:

-	gpg --armor --default-key F93E735F --detach-sign \
+	gpg --armor --default-key BE2CD9C1 --detach-sign \
 	  amnesia-i386-gnome-0.3-20091126.torrent

 Eight, generate the SHA-256 hash of every image to be released:
@@ -138,7 +138,7 @@ record the last commit before tagging happens:
 Tag the release in Git
 ======================

-	git tag -u F93E735F -m "tagging version ${NEW_VERSION}" "${NEW_VERSION}"
+	git tag -u BE2CD9C1 -m "tagging version ${NEW_VERSION}" "${NEW_VERSION}"

 Go wild!
 ========

--- a/wiki/src/git.mdwn
+++ b/wiki/src/git.mdwn
@@ -24,3 +24,8 @@ in every of your local clones' directories:

 	git config user.name amnesia
 	git config user.email amnesia@boum.org
+
+If you might need to prepare T(A)ILS releases, you'll also need to
+make the development team signing key the default one for Git tags:
+
+	git config user.signingkey BE2CD9C1