From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id WE6OG5VF22APeAEAgWs5BA (envelope-from ) for ; Tue, 29 Jun 2021 18:08:53 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id MMAlF5VF22CPZAAAbx9fmQ (envelope-from ) for ; Tue, 29 Jun 2021 16:08:53 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id D20CE229B8 for ; Tue, 29 Jun 2021 18:08:52 +0200 (CEST) Received: from localhost ([::1]:44454 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lyGI7-0005V5-Nj for larch@yhetil.org; Tue, 29 Jun 2021 12:08:51 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:59896) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lyGGV-0003lH-EK for guix-devel@gnu.org; Tue, 29 Jun 2021 12:07:11 -0400 Received: from mout01.posteo.de ([185.67.36.65]:56953) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lyGGS-00066w-Ol for guix-devel@gnu.org; Tue, 29 Jun 2021 12:07:10 -0400 Received: from submission (posteo.de [89.146.220.130]) by mout01.posteo.de (Postfix) with ESMTPS id 3F9ED240028 for ; Tue, 29 Jun 2021 18:07:05 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1624982825; bh=gzJNm2XxhBrTiOV1i///vRluSmvgdgonvLZNCfcScqo=; h=Subject:From:To:Cc:Date:From; b=MV3EymocYyOXrS7k/XKVCCL71NjUUt0t35hGhmFZPS1IAIBk3RIwqG6oYClYFLSb9 q8AeMoVertiHi1x3U9cVV7ZAW8BQALp7Attt9x6Aa0YDHZ2GiZamSLpwfZ37HCUzkW y+ocaXrQa+tQtAh8Da/8lvg7F43rjize1MBW3i3nSZlUGJQ91i7uMUyTdKfpSXSUr8 bOd7Zf85b2oWS4XqFVW8qPbIMAXqcTKaczwGrTIr28MxXkQBZ7BlwSQfWwGHtvhM4m /c/yqqZGxJ8alWuCTrRwrfWYoKIr+5w1lmD3sQNxdSvG4o/CfG5r2vKBmFY1uEVUAC 6kTtckkbuHsWA== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 4GDq9h0Xbnz6tmM; Tue, 29 Jun 2021 18:07:03 +0200 (CEST) Message-ID: <264ead6a500acc3a15b78d8eeae48d668b4e3333.camel@posteo.net> Subject: Re: New signing key From: Eric Bavier To: Tobias Geerinckx-Rice Date: Tue, 29 Jun 2021 16:06:53 +0000 In-Reply-To: <87eeckbs8d.fsf@nckx> References: <124ad5525164ec009000a9fad5c9dad23e68929d.camel@posteo.net> <871r8sy9n2.fsf@gnu.org> <87wnqcrbdm.fsf@gnu.org> <87eeckbs8d.fsf@nckx> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-KqwWZbq7wdlRVds3uNyK" MIME-Version: 1.0 Received-SPF: pass client-ip=185.67.36.65; envelope-from=bavier@posteo.net; helo=mout01.posteo.de X-Spam_score_int: -43 X-Spam_score: -4.4 X-Spam_bar: ---- X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: guix-devel@gnu.org Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1624982933; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=TJWcXyEu+l0XbI7WrgqTX9o/ZL5pdDWdLtIvkHj3j3w=; b=oNgugc6Bp+jZvLG90AfSJgOoCEZ8c/I9VVac8ns+aPIk8k1ACivGaWl8CcE3BfqpeJKp5L LOzJUQxuS0YvWUhEtfJjK+QxrpSeW2QGDcSTko6zXhGuVWdHao51RTEXUMFGMfUx2elIF/ UL4JkBCSWBH58JKQcbYXAyMA24/2mlZV1JXb88ZLT5sixfgegBJFDDCMktm2dVADV8MIZQ Z/S84b0xB5NZU9g1UedXKk8YdmtU+IIPlajOMFt63pOycNeVbmoX48my7TtcZN1S0iwaBq n+9V1WzGn/JTFhbsnXN4qz44KVUIqrduorvDHeQX9HfII4HP3kgDAAO8XYVuNQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1624982933; a=rsa-sha256; cv=none; b=LfrpctwNTfHGvZBjv9NSwN7n1X5UNFtVMdARPipxDnuW1Qqwvnn3vu6QrI6h7bYjVgLycT M4COAVezUY4WfWbnsPqr5SRzxpL4djRrjPESgp/f8MTPmoEvAleiukeWiBIJRAk35xkFAA qJQWDHQw2Dlb4zDH2/MFEJQFv2BNfmWywcupiIzwRpE8nrrz3k0Ig7K8SnqMnrM9XbxQWV JnxR7eH8LpqycvczDsIJSgw/9JtF52Xoclmd7255oljJpau7UL6Wo8FUcBmByuAE9lljjF 0oDYqRsbMA7439kJDl18jE/xSVxnnedousAR2K0PSXSUYtIYh7tPcAdPHbzDWQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=posteo.net header.s=2017 header.b=MV3Eymoc; dmarc=pass (policy=none) header.from=posteo.net; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Spam-Score: -5.22 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=posteo.net header.s=2017 header.b=MV3Eymoc; dmarc=pass (policy=none) header.from=posteo.net; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Queue-Id: D20CE229B8 X-Spam-Score: -5.22 X-Migadu-Scanner: scn1.migadu.com X-TUID: D89EAFrYqPzM --=-KqwWZbq7wdlRVds3uNyK Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Tobias, On Tue, 2021-06-29 at 16:40 +0200, Tobias Geerinckx-Rice wrote: > Question: I think committers should be trusted with discretion in=20 > how they prefer to manage their keys, but how about briefly=20 > documenting a suggested sane key-management strategy to new=20 > committers, like we already describe some rando's editor set-up?=20 > :-) I think this would be very nice. Especially if it laid out some of the trade-offs as you did here. >=20 > I don't think most people *insist* on their current one, it's just=20 > what they know; and GPG is complex and gnarly. >=20 ... >=20 > I'm not aware of any authority on best practices that would claim=20 > the opposite, but if you are, I'd be grateful to hear about it! >=20 No, I definitely fall into the group who don't insist on a strategy and are just doing what they know :). I appreciate your feedback! And I'll probably be making some adjustments to my workflow. Thanks, `~Eric --=-KqwWZbq7wdlRVds3uNyK Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQJGBAABCgAwFiEEo6S0GQB0CHyn3laYvEXKZ+L40AcFAmDbRR0SHGJhdmllckBw b3N0ZW8ubmV0AAoJELxFymfi+NAHzsMQAL4YY+gtRleTM7IJf5IiGQaPagkHhjfG kJS1Zh0cgYZfY2CD2QdL3OxkrEcw+xXrkWUC3Ea+dw+f19v3MKGBuqfK1JXA5Khn S0F1Hl0X+llIu74X9mzJ17ksVeh3OCZvyw0JKUBEqGIwV9s0ouv7mriInJkeoIYz j6PPzuc6gdNO2Vo5HWuyHEiyqEVJsTHa+U74eFZeGLs6V86+pFAtreC7BjS9jnG3 WwaJ+ozNWyFkGcwNNW82mEzGVDFjPhszZ7ALT2Y37IbWNh048CioNmrFkz4ICIol QqV/2WL4w2AMaepfHYXatWI7RL8GI0jAiGYJ+7ofn/TelQv+qDXXTgxHOiVpq7xx UjeuxTpmi4Vrsm1AKfVJ8/uvXNj0xFZZbDJAAe7cb4dQ9Uy2oOHtwny3Onhimn8G vYcgUmHmIP4gC3xCJv9uUJ7o5gypPEKbsoia9h+wBE0TIF1Rp6xsMb59DH0J1pBr GikGit7Rt0WO6/NB6NddteCv3k5al+q660aBQrHWOY++s2fs/OuTzknagRBa8bS1 WdNqqcbWfzaY+4jRhMfJmxl9jXqn34qULLkIcKDK5EIhaB1eHCSqJ3orerNrqm9u CuJcti3V5gdGpO1la1FytnERXn31NV5pGWzHLGlcjkxn4KICpoQ8QrDMMVRyCzmB hWdDz7Ke91My =ka3Y -----END PGP SIGNATURE----- --=-KqwWZbq7wdlRVds3uNyK--