New commit signing key?

unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed

* New commit signing key?
@ 2020-01-27 13:17 Ludovic Courtès
  2020-01-27 13:44 ` Julien Lepiller
  0 siblings, 1 reply; 3+ messages in thread
From: Ludovic Courtès @ 2020-01-27 13:17 UTC (permalink / raw)
  To: Julien Lepiller; +Cc: Guix-devel

[-- Attachment #1: Type: text/plain, Size: 901 bytes --]

Hello Julien!

Unless I’m mistaken, starting from commit
2cbede5935eb6a40173bbdf30a9ad22bf7574c22 you started signing with key:

  1EFB 0909 1F17 D28C CBF9  B13A 53D4 57B2 D636 EE82

instead of:

  B5FA E628 5B41 3728 B2A0  FAED 4311 1F45 2008 6A0C

Could you confirm that this is the case so we can update
‘build-aux/git-authenticate.scm’ accordingly?  (Currently “make
authenticate” barfs.)

Preferably, reply with a message signed with your previous key stating
that the new fingerprint above is indeed yours.  Make sure to revoke
your previous key and send the revoked key (and the new one) to key
servers.

If you lost control of the old key, please state it (in a message signed
with the new key.)  I see <https://savannah.gnu.org/users/roptat>
contains the new key already.  The old one is due to expire on
2020-03-27 anyway.

Thanks in advance!

Ludo’.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: New commit signing key?
  2020-01-27 13:17 New commit signing key? Ludovic Courtès
@ 2020-01-27 13:44 ` Julien Lepiller
  2020-01-27 17:23   ` Ludovic Courtès
  0 siblings, 1 reply; 3+ messages in thread
From: Julien Lepiller @ 2020-01-27 13:44 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: Guix-devel

[-- Attachment #1: Type: text/plain, Size: 1323 bytes --]

Le Mon, 27 Jan 2020 14:17:52 +0100,
Ludovic Courtès <ludovic.courtes@inria.fr> a écrit :

> Hello Julien!
> 
> Unless I’m mistaken, starting from commit
> 2cbede5935eb6a40173bbdf30a9ad22bf7574c22 you started signing with key:
> 
>   1EFB 0909 1F17 D28C CBF9  B13A 53D4 57B2 D636 EE82
> 
> instead of:
> 
>   B5FA E628 5B41 3728 B2A0  FAED 4311 1F45 2008 6A0C
> 
> Could you confirm that this is the case so we can update
> ‘build-aux/git-authenticate.scm’ accordingly?  (Currently “make
> authenticate” barfs.)
> 
> Preferably, reply with a message signed with your previous key stating
> that the new fingerprint above is indeed yours.  Make sure to revoke
> your previous key and send the revoked key (and the new one) to key
> servers.
> 
> If you lost control of the old key, please state it (in a message
> signed with the new key.)  I see
> <https://savannah.gnu.org/users/roptat> contains the new key already.
>  The old one is due to expire on 2020-03-27 anyway.
> 
> Thanks in advance!
> 
> Ludo’.

Hi Ludo,

not sure if signing this message will help prove anything, but well...

I accidentally destroyed the only copy of my previous key (hardware
issue...), so I don't think I can recover it. I don't have a way to
revoke it, so I'll let it expire.

Thanks

[-- Attachment #2: Signature digitale OpenPGP --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: New commit signing key?
  2020-01-27 13:44 ` Julien Lepiller
@ 2020-01-27 17:23   ` Ludovic Courtès
  0 siblings, 0 replies; 3+ messages in thread
From: Ludovic Courtès @ 2020-01-27 17:23 UTC (permalink / raw)
  To: Julien Lepiller; +Cc: Guix-devel

Hi Julien,

Julien Lepiller <julien@lepiller.eu> skribis:

> Le Mon, 27 Jan 2020 14:17:52 +0100,
> Ludovic Courtès <ludovic.courtes@inria.fr> a écrit :
>
>> Hello Julien!
>> 
>> Unless I’m mistaken, starting from commit
>> 2cbede5935eb6a40173bbdf30a9ad22bf7574c22 you started signing with key:
>> 
>>   1EFB 0909 1F17 D28C CBF9  B13A 53D4 57B2 D636 EE82
>> 
>> instead of:
>> 
>>   B5FA E628 5B41 3728 B2A0  FAED 4311 1F45 2008 6A0C
>> 
>> Could you confirm that this is the case so we can update
>> ‘build-aux/git-authenticate.scm’ accordingly?  (Currently “make
>> authenticate” barfs.)
>> 
>> Preferably, reply with a message signed with your previous key stating
>> that the new fingerprint above is indeed yours.  Make sure to revoke
>> your previous key and send the revoked key (and the new one) to key
>> servers.
>> 
>> If you lost control of the old key, please state it (in a message
>> signed with the new key.)  I see
>> <https://savannah.gnu.org/users/roptat> contains the new key already.
>>  The old one is due to expire on 2020-03-27 anyway.
>> 
>> Thanks in advance!
>> 
>> Ludo’.
>
> Hi Ludo,
>
> not sure if signing this message will help prove anything, but well...

Yeah, though like I wrote, the person who did it was able to log in to
Savannah, so there are chances that it’s really the Julien we know.

> I accidentally destroyed the only copy of my previous key (hardware
> issue...), so I don't think I can recover it. I don't have a way to
> revoke it, so I'll let it expire.

OK, no problem.

Note that going forward we’ll have to be careful, because the goal is
for ‘guix pull’ to bail out with an error in such a situation.  So we
must get used to updating the list of authorized keys before using a new
key.

Anyhow, thanks for your reply!

Ludo’.

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2020-01-27 17:24 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-27 13:17 New commit signing key? Ludovic Courtès
2020-01-27 13:44 ` Julien Lepiller
2020-01-27 17:23   ` Ludovic Courtès

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).