From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id YCR6Blcv22B7SAEAgWs5BA (envelope-from ) for ; Tue, 29 Jun 2021 16:33:59 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id EGwnAlcv22CvUQAA1q6Kng (envelope-from ) for ; Tue, 29 Jun 2021 14:33:59 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 8727320882 for ; Tue, 29 Jun 2021 16:33:58 +0200 (CEST) Received: from localhost ([::1]:36348 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lyEoG-0000jF-Og for larch@yhetil.org; Tue, 29 Jun 2021 10:33:56 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:56136) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lyElT-0005Ss-Jy for guix-devel@gnu.org; Tue, 29 Jun 2021 10:31:03 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:55544) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lyElT-00021y-97; Tue, 29 Jun 2021 10:31:03 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=42542 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lyElT-0000ql-1f; Tue, 29 Jun 2021 10:31:03 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Eric Bavier Subject: Re: New signing key References: <124ad5525164ec009000a9fad5c9dad23e68929d.camel@posteo.net> <871r8sy9n2.fsf@gnu.org> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 11 Messidor an 229 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Tue, 29 Jun 2021 16:31:01 +0200 In-Reply-To: (Eric Bavier's message of "Wed, 23 Jun 2021 16:05:06 +0000") Message-ID: <87wnqcrbdm.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: guix-devel@gnu.org Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1624977238; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=jxkV58Aiv0v4C9Gj/0X0eKRb0DeWNRvrjViUbr9/f1M=; b=Qp+VEPBw+WsUQzn7Jw/SapybYC1pxQQ/yEwARqQL8jEL3e7+xsXDXKuQTeuJoe6nwwPY7u En7zrHXE/Cp+vUtRIB02gb/9z/4m83jTJuUBDj1tfBIR0orb2MNHuuVL0AOunyB/tMlxnq aHqzHqHjt3nR9CPr1hxBAl6uKNrsLEyc309lc0BveUxZ1oYECj3Ab3j+YhAjXac0T023N2 02u1bCac872cppDmy4WgZ/yeSNZouCxtTbJmYZl6t4qVW7jP4Z9S5mlV/BP2IPljR+Zwo5 /DMRJwxJvRBHT/VRO2ArYfi9BPim+gmfOQ3c84mCM2e40mc7QwQ+wgdTr5dwEg== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1624977238; a=rsa-sha256; cv=none; b=ISDNI7/SRYQDukVms+N8nhDHIM1qZq6OE10aE92hb8x+DlHv8iNkmcJsy+LMXK6sa4Cu4p BdSowSFetiOL6TJKcKmhzvKeWnFe30N34kVo+5PblN9uTKYZJF3Lp/GgVk5NEKY8XW5+M4 XbjzMUb3bRGa1k7GNSrhMLjmjlUekc46fiWlZSFz1HkpMAdbvDXCQvLqKbiwTdYbCo0yYD LM9mvWTGRpd8qncw0IcHMYfVvUQ5WJO+GP4hkdjcfPGg7/opqr7DVUHc0KKx8Puk//sq0O QSxEO4GaITvHRoOxfdn17nTNBK1OUB35WX4HBx5RW9jEovbpyn12gk80xhNH8w== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Spam-Score: -2.92 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Queue-Id: 8727320882 X-Spam-Score: -2.92 X-Migadu-Scanner: scn1.migadu.com X-TUID: VzDUXtjFcoep Hi, Eric Bavier skribis: > On Wed, 2021-06-23 at 15:48 +0200, Ludovic Court=C3=A8s wrote: [...] >> In >> d1d2bf3eb6ba74b058969756a97a30aec7e0c4d1 I added your new key and >> renamed the old one, but perhaps we can just remove the old one, if the >> old sub-key is still in the new one? > > I think the old key is still there, yes. I didn't remove it, just > added the new key. OK. I removed the former key file from the =E2=80=98keyring=E2=80=99 branc= h in commit 359ca340273213f7bafda455c9f89db55d69849c; I checked with =E2=80=98guix git authenticate=E2=80=99 that we can still authenticate former commits. >> In the future, unless you lose control of the key, it=E2=80=99s even bet= ter if >> you do it yourself: push a commit signed with the old key that >> introduces the new key. Otherwise we have to trust that you really are >> the one who uploaded the new key on Savannah. > > In this case, the old key had already expired. I think others here > have reset the expiry date on their keys before? I like the idea of > honoring the expiration dates I set, and creating a new key. But I'm > also willing to adopt whatever we decide is a best practice. I think either way is fine. I set an expiry date a few months in the future, and I change it a few weeks before it expires, the idea being that if I lose control of the key (e.g., laptop stolen) it=E2=80=99ll expir= e not too longer after that. Thanks, Ludo=E2=80=99.