* wrong key used for signing
@ 2017-03-28 8:25 Thomas Danckaert
2017-03-28 8:47 ` Marius Bakke
0 siblings, 1 reply; 7+ messages in thread
From: Thomas Danckaert @ 2017-03-28 8:25 UTC (permalink / raw)
To: guix-devel
I accidentally used the wrong key when signing my commits to
core-updates yesterday. How can I fix this? A number of commits were
already made on top of mine, so we'd need to rebase?
These are the offending commits:
b1a8fd2d2 gnu: libreoffice: Update to 5.3.1.2.
90ac806d3 gnu: orcus: Update to 0.12.1.
b85b56dd7 gnu: libetonyek: Update to 0.1.6.
22e52dbd0 gnu: Add libstaroffice.
cb3864392 gnu: ixion: Update to 0.12.2.
57144094b gnu: mdds: Upgrade to 1.2.2.
741916f11 gnu: Add libzmf.
Thomas
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: wrong key used for signing
2017-03-28 8:25 wrong key used for signing Thomas Danckaert
@ 2017-03-28 8:47 ` Marius Bakke
2017-03-28 13:03 ` Marius Bakke
2017-03-28 18:35 ` Leo Famulari
0 siblings, 2 replies; 7+ messages in thread
From: Marius Bakke @ 2017-03-28 8:47 UTC (permalink / raw)
To: Thomas Danckaert, guix-devel
[-- Attachment #1: Type: text/plain, Size: 847 bytes --]
Thomas Danckaert <post@thomasdanckaert.be> writes:
> I accidentally used the wrong key when signing my commits to
> core-updates yesterday. How can I fix this? A number of commits were
> already made on top of mine, so we'd need to rebase?
If you can send a signed message (using key D77D54FD according to my
books) containing the public key of the key used to sign these commits
(so they can be verified), I think that is proof enough. Assuming you
admit to making them, of course :-)
> These are the offending commits:
>
> b1a8fd2d2 gnu: libreoffice: Update to 5.3.1.2.
> 90ac806d3 gnu: orcus: Update to 0.12.1.
> b85b56dd7 gnu: libetonyek: Update to 0.1.6.
> 22e52dbd0 gnu: Add libstaroffice.
> cb3864392 gnu: ixion: Update to 0.12.2.
> 57144094b gnu: mdds: Upgrade to 1.2.2.
> 741916f11 gnu: Add libzmf.
>
> Thomas
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: wrong key used for signing
2017-03-28 8:47 ` Marius Bakke
@ 2017-03-28 13:03 ` Marius Bakke
2017-03-28 18:40 ` Leo Famulari
` (2 more replies)
2017-03-28 18:35 ` Leo Famulari
1 sibling, 3 replies; 7+ messages in thread
From: Marius Bakke @ 2017-03-28 13:03 UTC (permalink / raw)
To: Thomas Danckaert, guix-devel
[-- Attachment #1: Type: text/plain, Size: 777 bytes --]
Marius Bakke <mbakke@fastmail.com> writes:
> Thomas Danckaert <post@thomasdanckaert.be> writes:
>
>> I accidentally used the wrong key when signing my commits to
>> core-updates yesterday. How can I fix this? A number of commits were
>> already made on top of mine, so we'd need to rebase?
>
> If you can send a signed message (using key D77D54FD according to my
> books) containing the public key of the key used to sign these commits
> (so they can be verified), I think that is proof enough. Assuming you
> admit to making them, of course :-)
To be clear, simply "vouching" for the commits in a signed message is
good enough for me. It would be good to have the signing key for future
reference, but if you don't want to disclose it I'm fine with that.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: wrong key used for signing
2017-03-28 8:47 ` Marius Bakke
2017-03-28 13:03 ` Marius Bakke
@ 2017-03-28 18:35 ` Leo Famulari
1 sibling, 0 replies; 7+ messages in thread
From: Leo Famulari @ 2017-03-28 18:35 UTC (permalink / raw)
To: Marius Bakke; +Cc: guix-devel, Thomas Danckaert
[-- Attachment #1: Type: text/plain, Size: 673 bytes --]
On Tue, Mar 28, 2017 at 10:47:05AM +0200, Marius Bakke wrote:
> Thomas Danckaert <post@thomasdanckaert.be> writes:
>
> > I accidentally used the wrong key when signing my commits to
> > core-updates yesterday. How can I fix this? A number of commits were
> > already made on top of mine, so we'd need to rebase?
Thanks for pointing it out! This has spurred me to assemble a Guix
keyring.
> If you can send a signed message (using key D77D54FD according to my
> books) containing the public key of the key used to sign these commits
> (so they can be verified), I think that is proof enough. Assuming you
> admit to making them, of course :-)
Agreed!
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: wrong key used for signing
2017-03-28 13:03 ` Marius Bakke
@ 2017-03-28 18:40 ` Leo Famulari
2017-03-29 7:38 ` Thomas Danckaert
2017-03-29 7:55 ` Thomas Danckaert
2 siblings, 0 replies; 7+ messages in thread
From: Leo Famulari @ 2017-03-28 18:40 UTC (permalink / raw)
To: Marius Bakke; +Cc: guix-devel, Thomas Danckaert
[-- Attachment #1: Type: text/plain, Size: 404 bytes --]
On Tue, Mar 28, 2017 at 03:03:23PM +0200, Marius Bakke wrote:
> To be clear, simply "vouching" for the commits in a signed message is
> good enough for me. It would be good to have the signing key for future
> reference, but if you don't want to disclose it I'm fine with that.
The key that was used mistakenly, A5C5 92EA 606E 7106 A6A3 BC08 98B2
1575 91E1 2B08, is still available on the key servers.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: wrong key used for signing
2017-03-28 13:03 ` Marius Bakke
2017-03-28 18:40 ` Leo Famulari
@ 2017-03-29 7:38 ` Thomas Danckaert
2017-03-29 7:55 ` Thomas Danckaert
2 siblings, 0 replies; 7+ messages in thread
From: Thomas Danckaert @ 2017-03-29 7:38 UTC (permalink / raw)
To: mbakke; +Cc: guix-devel
[-- Attachment #1: Type: Text/Plain, Size: 935 bytes --]
From: Marius Bakke <mbakke@fastmail.com>
Subject: Re: wrong key used for signing
Date: Tue, 28 Mar 2017 15:03:23 +0200
>> If you can send a signed message (using key D77D54FD according to
>> my
>> books) containing the public key of the key used to sign these
>> commits
>> (so they can be verified), I think that is proof enough. Assuming
>> you
>> admit to making them, of course :-)
>
> To be clear, simply "vouching" for the commits in a signed message
> is
> good enough for me. It would be good to have the signing key for
> future
> reference, but if you don't want to disclose it I'm fine with that.
As Leo found out, it's just an old key (that I didn't intend to use
anymore, I should probably just revoke it). For now, I signed it
with the new key (find it here:
http://http-keys.gnupg.net/pks/lookup?search=0x91E12B08&op=vindex).
For sake of completeness: I vouch for the commits referenced in the
attached log.
Thomas
[-- Attachment #2: commit.log --]
[-- Type: Text/Plain, Size: 2223 bytes --]
commit e1abe244f3810e5a1bb82ed70c2290e54d87ac95
Author: Thomas Danckaert <thomas.danckaert@gmail.com>
Date: Fri Mar 24 14:16:54 2017 +0100
gnu: libreoffice: Update to 5.3.1.2.
* gnu/packages/libreoffice.scm (libreoffice): Update to 5.3.1.2.
[inputs]: Add libstaroffice and libzmf.
[arguments]: Remove reference to removed patch; unpack xmlsec
1.2.23 tarball.
(xmlsec-src-libreoffice): Update to version 1.2.23 tarball.
commit 5dc2875fa279739e79c3ea7bc0bbd85814c25dcc
Author: Thomas Danckaert <thomas.danckaert@gmail.com>
Date: Fri Mar 24 13:57:18 2017 +0100
gnu: orcus: Update to 0.12.1.
* gnu/packages/libreoffice.scm (orcus): Update to 0.12.1.
[inputs]: Add python.
commit 65cb686e887d8e6311f48c716f8fd29d409db5d0
Author: Thomas Danckaert <thomas.danckaert@gmail.com>
Date: Fri Mar 24 13:53:56 2017 +0100
gnu: libetonyek: Update to 0.1.6.
* gnu/packages/libreoffice.scm (libetonyek): Update to 0.1.6.
[arguments]: Add phase 'autoreconf, because configure.ac is
patched. Add
configure flag "--with-mdds=1.2".
[inputs]: Add liblangtag.
[native-inputs]: Add autoconf and automake.
* gnu/packages/patches/libetonyek-build-with-mdds-1.2.patch: New
file.
* gnu/local.mk (dist_patch_DATA): Add it.
commit c2afb00f1145e136d0a97632cbd0a8dc3ccc2ca8
Author: Thomas Danckaert <thomas.danckaert@gmail.com>
Date: Fri Mar 24 13:37:57 2017 +0100
gnu: Add libstaroffice.
* gnu/packages/libreoffice.scm (libstaroffice): New variable.
commit 4e70c654d52c0d93069f8ceec0face6f24cb249e
Author: Thomas Danckaert <thomas.danckaert@gmail.com>
Date: Fri Mar 24 12:25:29 2017 +0100
gnu: ixion: Update to 0.12.2.
* gnu/packages/libreoffice.scm (ixion): Update to 0.12.2.
[inputs]: Replace python-2 by python.
commit 9adf830916a244c857187be02b18b25603551781
Author: Thomas Danckaert <thomas.danckaert@gmail.com>
Date: Fri Mar 24 12:19:22 2017 +0100
gnu: mdds: Upgrade to 1.2.2.
* gnu/packages/boost.scm (mdds): Upgrade to 1.2.2.
commit 5bcb40fc37b065672c3a88811dfb170a6d44908a
Author: Thomas Danckaert <thomas.danckaert@gmail.com>
Date: Fri Mar 24 11:58:22 2017 +0100
gnu: Add libzmf.
* gnu/packages/libreoffice.scm (libzmf): New Variable.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: wrong key used for signing
2017-03-28 13:03 ` Marius Bakke
2017-03-28 18:40 ` Leo Famulari
2017-03-29 7:38 ` Thomas Danckaert
@ 2017-03-29 7:55 ` Thomas Danckaert
2 siblings, 0 replies; 7+ messages in thread
From: Thomas Danckaert @ 2017-03-29 7:55 UTC (permalink / raw)
To: mbakke; +Cc: guix-devel
[-- Attachment #1.1: Type: Text/Plain, Size: 983 bytes --]
(now actually including the signature... sigh)
From: Marius Bakke <mbakke@fastmail.com>
Subject: Re: wrong key used for signing
Date: Tue, 28 Mar 2017 15:03:23 +0200
>> If you can send a signed message (using key D77D54FD according to
>> my
>> books) containing the public key of the key used to sign these
>> commits
>> (so they can be verified), I think that is proof enough. Assuming
>> you
>> admit to making them, of course :-)
>
> To be clear, simply "vouching" for the commits in a signed message
> is
> good enough for me. It would be good to have the signing key for
> future
> reference, but if you don't want to disclose it I'm fine with that.
As Leo found out, it's just an old key (that I didn't intend to use
anymore, I should probably just revoke it). For now, I signed it
with the new key (find it here:
http://http-keys.gnupg.net/pks/lookup?search=0x91E12B08&op=vindex).
For sake of completeness: I vouch for the commits referenced in the
attached log.
Thomas
[-- Attachment #1.2: commit.log --]
[-- Type: Text/Plain, Size: 2198 bytes --]
commit e1abe244f3810e5a1bb82ed70c2290e54d87ac95
Author: Thomas Danckaert <thomas.danckaert@gmail.com>
Date: Fri Mar 24 14:16:54 2017 +0100
gnu: libreoffice: Update to 5.3.1.2.
* gnu/packages/libreoffice.scm (libreoffice): Update to 5.3.1.2.
[inputs]: Add libstaroffice and libzmf.
[arguments]: Remove reference to removed patch; unpack xmlsec
1.2.23 tarball.
(xmlsec-src-libreoffice): Update to version 1.2.23 tarball.
commit 5dc2875fa279739e79c3ea7bc0bbd85814c25dcc
Author: Thomas Danckaert <thomas.danckaert@gmail.com>
Date: Fri Mar 24 13:57:18 2017 +0100
gnu: orcus: Update to 0.12.1.
* gnu/packages/libreoffice.scm (orcus): Update to 0.12.1.
[inputs]: Add python.
commit 65cb686e887d8e6311f48c716f8fd29d409db5d0
Author: Thomas Danckaert <thomas.danckaert@gmail.com>
Date: Fri Mar 24 13:53:56 2017 +0100
gnu: libetonyek: Update to 0.1.6.
* gnu/packages/libreoffice.scm (libetonyek): Update to 0.1.6.
[arguments]: Add phase 'autoreconf, because configure.ac is
patched. Add
configure flag "--with-mdds=1.2".
[inputs]: Add liblangtag.
[native-inputs]: Add autoconf and automake.
* gnu/packages/patches/libetonyek-build-with-mdds-1.2.patch: New
file.
* gnu/local.mk (dist_patch_DATA): Add it.
commit c2afb00f1145e136d0a97632cbd0a8dc3ccc2ca8
Author: Thomas Danckaert <thomas.danckaert@gmail.com>
Date: Fri Mar 24 13:37:57 2017 +0100
gnu: Add libstaroffice.
* gnu/packages/libreoffice.scm (libstaroffice): New variable.
commit 4e70c654d52c0d93069f8ceec0face6f24cb249e
Author: Thomas Danckaert <thomas.danckaert@gmail.com>
Date: Fri Mar 24 12:25:29 2017 +0100
gnu: ixion: Update to 0.12.2.
* gnu/packages/libreoffice.scm (ixion): Update to 0.12.2.
[inputs]: Replace python-2 by python.
commit 9adf830916a244c857187be02b18b25603551781
Author: Thomas Danckaert <thomas.danckaert@gmail.com>
Date: Fri Mar 24 12:19:22 2017 +0100
gnu: mdds: Upgrade to 1.2.2.
* gnu/packages/boost.scm (mdds): Upgrade to 1.2.2.
commit 5bcb40fc37b065672c3a88811dfb170a6d44908a
Author: Thomas Danckaert <thomas.danckaert@gmail.com>
Date: Fri Mar 24 11:58:22 2017 +0100
gnu: Add libzmf.
* gnu/packages/libreoffice.scm (libzmf): New Variable.
[-- Attachment #2: Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2017-03-29 7:56 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-03-28 8:25 wrong key used for signing Thomas Danckaert
2017-03-28 8:47 ` Marius Bakke
2017-03-28 13:03 ` Marius Bakke
2017-03-28 18:40 ` Leo Famulari
2017-03-29 7:38 ` Thomas Danckaert
2017-03-29 7:55 ` Thomas Danckaert
2017-03-28 18:35 ` Leo Famulari
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).