New signing key

New signing key

[Jan Nieuwenhuizen]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi!

Just to clarify that I lost the key I've been using to sign commits the
past year and didn't have a backup:

    pub   rsa4096 2017-06-09 [SC]
          DB34 CB51 D25C 9408 156F  CDD6 A12F 8797 8D70 1B99
    uid           [  full  ] Jan Nieuwenhuizen (janneke) <janneke@gnu.org>
    sub   rsa4096 2017-06-09 [E]

So I created a new key

    pub   rsa4096 2018-04-08 [SC]
          1A85 8392 E331 EAFD B8C2  7FFB F3C1 A0D9 C1D6 5273
    uid           [ultimate] Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
    sub   rsa4096 2018-04-08 [E]

and uploaded its armour to savannah.

Greetings,
janneke

- -- 
Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEGoWDkuMx6v24wn/788Gg2cHWUnMFAlreI/MACgkQ88Gg2cHW
UnNW0w//f63ct1LigPfphei7JyT1I7aa513K0Xb4Wp+T8D6FCpvGg/jjcTR4jpFc
l/fv72ExDtqmamE9jDGFiwWbL2a5m99hIRhEuTV6VtonTD1CJUZOfV1ReCyH32rh
NOUPIzZ4L57DL5OVNrKTbrMI3z9TzLmuwzLw5z13SaabSTW/ZO4yEv+9RauOB1GJ
cV8ic1qiRpNqiG6xu0BGZp16D0teaqUDko1MLd/mxxJXp3PvKrIIDa4fu0YNuoSj
rLXy2aoXwfjttt8cLS303Co0YM0Si6FcVlumqdAROBnJue2QpwQvSAv8RHKgpqPP
8h0sZeibdmIpKolnmFR9iq84TwDrj8Bx6fDHPlMRmGZdSZgZO9AhfKwPef83ThZw
cs4gvcldy0fEnT0JwQmEmde5gHUFr2rKEjA2NxbQO8NcpEFQAvsiGPSZiLnJZ5lU
2WNVy6kNLhkDEQZeDMfNBI4XpGg3LzjtEZIB7TAjNODPVT9GXEzCAUDvMc4Dn4Bu
zQQxaZVgPGodIx+r49ZtKObzxX2/MQWI1bLxKpiuxTQebfgTq0PVm+4IfsXd4lrt
ZXqt15VHT5wBSVUdvhp0+Xs1RaSMmCNWVu9Div6Rs8G+LODTx4svLA6gd1ohye7e
G1paCcDQil5PKXmizX3nmUbPzdHkrq2PZ5zqk1BF4jEcGj0Ovrk=
=TgAQ
-----END PGP SIGNATURE-----

New signing key

[Ludovic Courtès]

[-- Attachment #1: Type: text/plain, Size: 613 bytes --]

Hello Roel,

You signed commit cc51c03ff867d4633505354819c6d88af88bf919 and its
parent with OpenPGP key F556FD94FB8F8B8779E36832CBD0CD5138C19AFC, which
differs from the one registered in ‘build-aux/git-authenticate.scm’
(17CB 2812 EB63 3DFF 2C7F 0452 C3EC 1DCA 8430 72E1) that you used
previously.

Could you please reply to this message signed with the old key, stating
that the new key is the right one?

As a last resort, if you lost control of the old key, could you ensure
your Savannah account contains the new key and send a reply signed with
the new key?

Thanks in advance,
Ludo’.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

Re: New signing key

[Roel Janssen]

[-- Attachment #1: Type: text/plain, Size: 1260 bytes --]

Hello Ludo’ and Guix,

I lost the password of the old key.  I updated my OpenPGP key on
Savannah to the new one (F556FD94FB8F8B8779E36832CBD0CD5138C19AFC).

I am trying to find the revocation key (printed) to revoke the old key
as reassurance that I am still me, and no malice is going on.  As I
moved twice since printing and securely storing the revocation key,
this will take some time.

Is there perhaps a key-signing party for GNU Guix maintainers to build
a better trust in the future?

Kind regards,
Roel Janssen


On Thu, 2020-03-05 at 18:13 +0100, Ludovic Courtès wrote:
> Hello Roel,
> 
> You signed commit cc51c03ff867d4633505354819c6d88af88bf919 and its
> parent with OpenPGP key F556FD94FB8F8B8779E36832CBD0CD5138C19AFC,
> which
> differs from the one registered in ‘build-aux/git-authenticate.scm’
> (17CB 2812 EB63 3DFF 2C7F 0452 C3EC 1DCA 8430 72E1) that you used
> previously.
> 
> Could you please reply to this message signed with the old key,
> stating
> that the new key is the right one?
> 
> As a last resort, if you lost control of the old key, could you
> ensure
> your Savannah account contains the new key and send a reply signed
> with
> the new key?
> 
> Thanks in advance,
> Ludo’.

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: New signing key

[Tobias Geerinckx-Rice]

[-- Attachment #1: Type: text/plain, Size: 583 bytes --]

Roel,

Roel Janssen 写道：
> I am trying to find the revocation key (printed) to revoke the 
> old key
> as reassurance that I am still me, and no malice is going on. 
> As I
> moved twice since printing and securely storing the revocation 
> key,
> this will take some time.

Thanks for taking the time to do that!  It is appreciated.

> Is there perhaps a key-signing party for GNU Guix maintainers to 
> build
> a better trust in the future?

We should do something like that at FOSDEM next year.  I hope 
you'll be able to attend.

Kind regards,

T G-R

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

New Signing Key

[Brett Gilio]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hey all,

As per my email a few days ago, I have lost control of my signing key. I
have, as per instructions, refreshed the key on Savannah and am signing
this email.

I have familiarized myself with the changes to the contribution process,
and am looking forward to getting back into the groove! Thanks a bunch
for those who reached out, and those who kept in touch with me during my
hiatus.

Brett Gilio
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEE6CrAJpXW/wJDyh5c9sUt0bony4cFAl8Q5rIACgkQ9sUt0bon
y4c4aggAr0/x2mhwJRRljrDmO0UC/jEV0VwH8TKBMZz60w8MLiJJYwiFyTSL4cJx
sE/Eo/b5B7kEw+nyPNvuw7qXAy8ie80S6frZ9/QrI3Q6ViEV274qex5YeCQfdnbf
oM+1ALAQsbG2wGh6TutdKFEx7vtbCefx/0QxHfj2dYD8nZ+SwoBma8jvogDcubxy
4mGhTqjEuoucJgGN5FwUFf2IimwgSN7O708rIPpcf3QTV0QM3t3bxIGQDnHJr8pb
xQTDsFySBzmZnGyHJVtDSUr+3TE1w11ZMVHd0dcX78STjJkEV3BcGcICOLVszJ2m
bBrUt82L6JU/Dgwjl6KYr3ZezRrHCQ==
=CU3q
-----END PGP SIGNATURE-----

Re: New Signing Key

[Tobias Geerinckx-Rice]

[-- Attachment #1: Type: text/plain, Size: 311 bytes --]

Guix,

Brett Gilio 写道：
> As per my email a few days ago, I have lost control of my 
> signing key. I
> have, as per instructions, refreshed the key on Savannah and am 
> signing
> this email.

I've authorised Brett in commit 
ba1d9680d61d3b06d9b81a81863448f494d654a7.

Kind regards,

T G-R

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]

New signing key

[Eric Bavier]

[-- Attachment #1: Type: text/plain, Size: 157 bytes --]

Hello Guix,

I've updated my GPG key on Savannah with a new signing subkey and uid.
Could a maintainer do the necessary repo updates?

Thanks,
`~Eric

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 858 bytes --]

Re: New signing key

[Eric Bavier]

[-- Attachment #1: Type: text/plain, Size: 239 bytes --]

On Tue, 2021-06-15 at 03:05 +0000, Eric Bavier wrote:
> Hello Guix,
> 
> I've updated my GPG key on Savannah with a new signing subkey and uid.
> Could a maintainer do the necessary repo updates?

Ping?

> 
> Thanks,
> `~Eric


[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 858 bytes --]

Re: New signing key

[Ludovic Courtès]

[-- Attachment #1: Type: text/plain, Size: 1023 bytes --]

Hi,

Apologies for the delay!

Eric Bavier <bavier@posteo.net> skribis:

> I've updated my GPG key on Savannah with a new signing subkey and uid.

Done in 3694c0d4fee0f7faf130ecd9386ea45932a19543.  In
d1d2bf3eb6ba74b058969756a97a30aec7e0c4d1 I added your new key and
renamed the old one, but perhaps we can just remove the old one, if the
old sub-key is still in the new one?

Anyway, you should be able to push to ‘master’ now.  Please double-check
with ‘guix git authenticate’ (and the pre-push hook) that everything’s
fine.

> Could a maintainer do the necessary repo updates?

Note that any committer who’s checked that all is fine can do this, but
I guess everyone was busy hacking (or reviewing!).  ;-)

In the future, unless you lose control of the key, it’s even better if
you do it yourself: push a commit signed with the old key that
introduces the new key.  Otherwise we have to trust that you really are
the one who uploaded the new key on Savannah.

Thanks,
Ludo’.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 853 bytes --]

Re: New signing key

[Eric Bavier]

[-- Attachment #1: Type: text/plain, Size: 1647 bytes --]

On Wed, 2021-06-23 at 15:48 +0200, Ludovic Courtès wrote:
> Hi,
> 
> Apologies for the delay!
> 
> Eric Bavier <bavier@posteo.net> skribis:
> 
> > I've updated my GPG key on Savannah with a new signing subkey and uid.
> 
> Done in 3694c0d4fee0f7faf130ecd9386ea45932a19543.

Thank you Thank you!

>   In
> d1d2bf3eb6ba74b058969756a97a30aec7e0c4d1 I added your new key and
> renamed the old one, but perhaps we can just remove the old one, if the
> old sub-key is still in the new one?

I think the old key is still there, yes.  I didn't remove it, just
added the new key.

> 
> Anyway, you should be able to push to ‘master’ now.  Please double-check
> with ‘guix git authenticate’ (and the pre-push hook) that everything’s
> fine.

Will do.

> 
> > Could a maintainer do the necessary repo updates?
> 
> Note that any committer who’s checked that all is fine can do this, but
> I guess everyone was busy hacking (or reviewing!).  ;-)

I completely understand.  I didn't trust myself to know how to check
that all is fine. :)

> 
> In the future, unless you lose control of the key, it’s even better if
> you do it yourself: push a commit signed with the old key that
> introduces the new key.  Otherwise we have to trust that you really are
> the one who uploaded the new key on Savannah.

In this case, the old key had already expired.  I think others here
have reset the expiry date on their keys before?  I like the idea of
honoring the expiration dates I set, and creating a new key.  But I'm
also willing to adopt whatever we decide is a best practice.

Thanks again,

`~Eric

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 858 bytes --]

Re: New signing key

[Ludovic Courtès]

Hi,

Eric Bavier <bavier@posteo.net> skribis:

> On Wed, 2021-06-23 at 15:48 +0200, Ludovic Courtès wrote:

[...]

>>   In
>> d1d2bf3eb6ba74b058969756a97a30aec7e0c4d1 I added your new key and
>> renamed the old one, but perhaps we can just remove the old one, if the
>> old sub-key is still in the new one?
>
> I think the old key is still there, yes.  I didn't remove it, just
> added the new key.

OK.  I removed the former key file from the ‘keyring’ branch in commit
359ca340273213f7bafda455c9f89db55d69849c; I checked with ‘guix git
authenticate’ that we can still authenticate former commits.

>> In the future, unless you lose control of the key, it’s even better if
>> you do it yourself: push a commit signed with the old key that
>> introduces the new key.  Otherwise we have to trust that you really are
>> the one who uploaded the new key on Savannah.
>
> In this case, the old key had already expired.  I think others here
> have reset the expiry date on their keys before?  I like the idea of
> honoring the expiration dates I set, and creating a new key.  But I'm
> also willing to adopt whatever we decide is a best practice.

I think either way is fine.  I set an expiry date a few months in the
future, and I change it a few weeks before it expires, the idea being
that if I lose control of the key (e.g., laptop stolen) it’ll expire not
too longer after that.

Thanks,
Ludo’.

Re: New signing key

[Tobias Geerinckx-Rice]

[-- Attachment #1: Type: text/plain, Size: 1577 bytes --]

Question: I think committers should be trusted with discretion in 
how they prefer to manage their keys, but how about briefly 
documenting a suggested sane key-management strategy to new 
committers, like we already describe some rando's editor set-up? 
:-)

I don't think most people *insist* on their current one, it's just 
what they know; and GPG is complex and gnarly.

Eric Bavier <bavier@posteo.net> skribis:
> In this case, the old key had already expired.  I think others 
> here
> have reset the expiry date on their keys before?

Limiting validity to 1…2y is considered good hygiene, as is simply 
extending the date whenever it's about to expire.  It proves you 
still control the private key.  It doesn't matter if you miss the 
deadline.

It's what I'd suggest for Guix because it gives committers full 
control over renewal without the inherent risk of updating the 
keyring & .guix-authorizations each time.  It also makes such 
commits less routine, which I think is good…

> I like the idea of honoring the expiration dates I set

Excellent, but ^ this…

> and creating a new key.

…doesn't imply ^ this.

Signing your existing key with a new expiry date is just as 
honourable^Wsecure, and much less hassle.  You would have avoided 
the delay you encountered here.  Others would get a better error 
message (‘expired’ vs. now ‘unknown’).  Etc.

I'm not aware of any authority on best practices that would claim 
the opposite, but if you are, I'd be grateful to hear about it!

Kind regards,

T G-R

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 247 bytes --]

Re: New signing key

[Eric Bavier]

[-- Attachment #1: Type: text/plain, Size: 960 bytes --]

Hi Tobias,

On Tue, 2021-06-29 at 16:40 +0200, Tobias Geerinckx-Rice wrote:
> Question: I think committers should be trusted with discretion in 
> how they prefer to manage their keys, but how about briefly 
> documenting a suggested sane key-management strategy to new 
> committers, like we already describe some rando's editor set-up? 
> :-)

I think this would be very nice. Especially if it laid out some of the
trade-offs as you did here.

> 
> I don't think most people *insist* on their current one, it's just 
> what they know; and GPG is complex and gnarly.
> 
...
> 
> I'm not aware of any authority on best practices that would claim 
> the opposite, but if you are, I'd be grateful to hear about it!
> 

No, I definitely fall into the group who don't insist on a strategy and
are just doing what they know :).  I appreciate your feedback!  And
I'll probably be making some adjustments to my workflow.

Thanks,

`~Eric

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 858 bytes --]

Re: New signing key

[Ludovic Courtès]

Hello,

Tobias Geerinckx-Rice <me@tobias.gr> skribis:

> Question: I think committers should be trusted with discretion in how
> they prefer to manage their keys, but how about briefly documenting a
> suggested sane key-management strategy to new committers, like we
> already describe some rando's editor set-up? :-)

I had missed this message, but I think it’s a good idea!  Your message
is already a good start at that.

Thanks,
Ludo’.

Re: New signing key

[zimoun]

Hi Tobias,

On Tue, 29 Jun 2021 at 16:40, Tobias Geerinckx-Rice <me@tobias.gr> wrote:
> Question: I think committers should be trusted with discretion in 
> how they prefer to manage their keys, but how about briefly 
> documenting a suggested sane key-management strategy to new 
> committers, like we already describe some rando's editor set-up? 
> :-)

Yes, it will be really helpful, I guess. :-)


Cheers,
simon

New signing key

[Leo Famulari]

[-- Attachment #1: Type: text/plain, Size: 181 bytes --]

Hello,

I'm changing my Guix signing key from
B0515948F1E7D3C1B98038A02646FA30BACA7F08 to
6840722EEEE4D3A64EE53EAC6AAC1963757F47FF.

Patches to follow. Testing is appreciated!

Leo

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: New signing key

[Maxim Cournoyer]

Hi,

Leo Famulari <leo@famulari.name> writes:

> Hello,
>
> I'm changing my Guix signing key from
> B0515948F1E7D3C1B98038A02646FA30BACA7F08 to
> 6840722EEEE4D3A64EE53EAC6AAC1963757F47FF.
>
> Patches to follow. Testing is appreciated!

Thanks for the heads-up!

-- 
Thanks,
Maxim