all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
From: Leo Famulari <leo@famulari.name>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: guix-devel@gnu.org
Subject: Re: Call for volunteer(s) for Guix "security" web page
Date: Tue, 27 Sep 2016 14:16:07 -0400	[thread overview]
Message-ID: <20160927181607.GJ2569@jasmine> (raw)
In-Reply-To: <87ponp90ta.fsf@gnu.org>


[-- Attachment #1.1: Type: text/plain, Size: 805 bytes --]

On Tue, Sep 27, 2016 at 10:58:09AM +0200, Ludovic Courtès wrote:
> > +               (h2 "Release signatures")
> > +               (p "Releases of Guix and GuixSD are signed using the OpenPGP "
> > +                  "key with the fingerprint "
> > +                  "3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5.  "
> > +                  "This key can be obtained from XXX.")
> 
> Maybe link to
> <https://www.gnu.org/software/guix/manual/html_node/Binary-Installation.html>
> or copy/paste the text?  Though we should give a ‘gpg --recv-keys’
> command that uses the full fingerprint instead of just the 64-bit ID
> (which is still too small, some say.)

Here's a patch that uses the fingerprint in guix.texi. What do you
think? Also, please verify that I've got it right :)

[-- Attachment #1.2: 0001-doc-Give-the-full-key-fingerprint-instead-of-the-lon.patch --]
[-- Type: text/plain, Size: 847 bytes --]

From 64b1df0a9565154ac2a1bd5289a13572b00bb5e0 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Tue, 27 Sep 2016 14:12:02 -0400
Subject: [PATCH] doc: Give the full key fingerprint instead of the long key
 ID.

* doc/guix.texi (OPENPGP-SIGNING-KEY-ID): Use fingerprint instead of
long key ID.
---
 doc/guix.texi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index c159e12..239428a 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -10,7 +10,7 @@
 @include version.texi
 
 @c Identifier of the OpenPGP key used to sign tarballs and such.
-@set OPENPGP-SIGNING-KEY-ID 090B11993D9AEBB5
+@set OPENPGP-SIGNING-KEY-ID 3CE464558A84FDC69DB40CFB090B11993D9AEBB5
 
 @copying
 Copyright @copyright{} 2012, 2013, 2014, 2015, 2016 Ludovic Courtès@*
-- 
2.10.0


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

  reply	other threads:[~2016-09-27 18:27 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-09-16 16:14 Call for volunteer(s) for Guix "security" web page Leo Famulari
2016-09-22 10:04 ` ng0
2016-09-27 18:04   ` Leo Famulari
2016-09-25 22:52 ` Leo Famulari
2016-09-27  8:58   ` Ludovic Courtès
2016-09-27 18:16     ` Leo Famulari [this message]
2016-09-28 21:08       ` Ludovic Courtès
2016-09-27 18:26     ` Leo Famulari
2016-09-28 21:07       ` Ludovic Courtès
2016-09-29 15:04       ` Leo Famulari
2016-09-30 12:08         ` Ludovic Courtès
2016-09-30 18:06           ` Leo Famulari

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160927181607.GJ2569@jasmine \
    --to=leo@famulari.name \
    --cc=guix-devel@gnu.org \
    --cc=ludo@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.