wrong key used for signing

wrong key used for signing

[Thomas Danckaert]

I accidentally used the wrong key when signing my commits to 
core-updates yesterday.  How can I fix this? A number of commits were 
already made on top of mine, so we'd need to rebase?

These are the offending commits:

b1a8fd2d2 gnu: libreoffice: Update to 5.3.1.2.
90ac806d3 gnu: orcus: Update to 0.12.1.
b85b56dd7 gnu: libetonyek: Update to 0.1.6.
22e52dbd0 gnu: Add libstaroffice.
cb3864392 gnu: ixion: Update to 0.12.2.
57144094b gnu: mdds: Upgrade to 1.2.2.
741916f11 gnu: Add libzmf.

Thomas

Re: wrong key used for signing

[Marius Bakke]

[-- Attachment #1: Type: text/plain, Size: 847 bytes --]

Thomas Danckaert <post@thomasdanckaert.be> writes:

> I accidentally used the wrong key when signing my commits to 
> core-updates yesterday.  How can I fix this? A number of commits were 
> already made on top of mine, so we'd need to rebase?

If you can send a signed message (using key D77D54FD according to my
books) containing the public key of the key used to sign these commits
(so they can be verified), I think that is proof enough. Assuming you
admit to making them, of course :-)

> These are the offending commits:
>
> b1a8fd2d2 gnu: libreoffice: Update to 5.3.1.2.
> 90ac806d3 gnu: orcus: Update to 0.12.1.
> b85b56dd7 gnu: libetonyek: Update to 0.1.6.
> 22e52dbd0 gnu: Add libstaroffice.
> cb3864392 gnu: ixion: Update to 0.12.2.
> 57144094b gnu: mdds: Upgrade to 1.2.2.
> 741916f11 gnu: Add libzmf.
>
> Thomas

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

Re: wrong key used for signing

[Marius Bakke]

[-- Attachment #1: Type: text/plain, Size: 777 bytes --]

Marius Bakke <mbakke@fastmail.com> writes:

> Thomas Danckaert <post@thomasdanckaert.be> writes:
>
>> I accidentally used the wrong key when signing my commits to 
>> core-updates yesterday.  How can I fix this? A number of commits were 
>> already made on top of mine, so we'd need to rebase?
>
> If you can send a signed message (using key D77D54FD according to my
> books) containing the public key of the key used to sign these commits
> (so they can be verified), I think that is proof enough. Assuming you
> admit to making them, of course :-)

To be clear, simply "vouching" for the commits in a signed message is
good enough for me. It would be good to have the signing key for future
reference, but if you don't want to disclose it I'm fine with that.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

Re: wrong key used for signing

[Leo Famulari]

[-- Attachment #1: Type: text/plain, Size: 404 bytes --]

On Tue, Mar 28, 2017 at 03:03:23PM +0200, Marius Bakke wrote:
> To be clear, simply "vouching" for the commits in a signed message is
> good enough for me. It would be good to have the signing key for future
> reference, but if you don't want to disclose it I'm fine with that.

The key that was used mistakenly, A5C5 92EA 606E 7106 A6A3  BC08 98B2
1575 91E1 2B08, is still available on the key servers.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: wrong key used for signing

[Thomas Danckaert]

[-- Attachment #1: Type: Text/Plain, Size: 935 bytes --]

From: Marius Bakke <mbakke@fastmail.com>
Subject: Re: wrong key used for signing
Date: Tue, 28 Mar 2017 15:03:23 +0200

>> If you can send a signed message (using key D77D54FD according to
>> my
>> books) containing the public key of the key used to sign these
>> commits
>> (so they can be verified), I think that is proof enough. Assuming
>> you
>> admit to making them, of course :-)
>
> To be clear, simply "vouching" for the commits in a signed message
> is
> good enough for me. It would be good to have the signing key for
> future
> reference, but if you don't want to disclose it I'm fine with that.

As Leo found out, it's just an old key (that I didn't intend to use
anymore, I should probably just revoke it).  For now, I signed it
with the new key (find it here:
http://http-keys.gnupg.net/pks/lookup?search=0x91E12B08&op=vindex).

For sake of completeness: I vouch for the commits referenced in the
attached log.

Thomas

[-- Attachment #2: commit.log --]
[-- Type: Text/Plain, Size: 2223 bytes --]

commit e1abe244f3810e5a1bb82ed70c2290e54d87ac95
Author: Thomas Danckaert <thomas.danckaert@gmail.com>
Date:   Fri Mar 24 14:16:54 2017 +0100

   gnu: libreoffice: Update to 5.3.1.2.

   * gnu/packages/libreoffice.scm (libreoffice): Update to 5.3.1.2.
   [inputs]: Add libstaroffice and libzmf.
   [arguments]: Remove reference to removed patch; unpack xmlsec
1.2.23 tarball.
   (xmlsec-src-libreoffice): Update to version 1.2.23 tarball.

commit 5dc2875fa279739e79c3ea7bc0bbd85814c25dcc
Author: Thomas Danckaert <thomas.danckaert@gmail.com>
Date:   Fri Mar 24 13:57:18 2017 +0100

   gnu: orcus: Update to 0.12.1.

   * gnu/packages/libreoffice.scm (orcus): Update to 0.12.1.
   [inputs]: Add python.

commit 65cb686e887d8e6311f48c716f8fd29d409db5d0
Author: Thomas Danckaert <thomas.danckaert@gmail.com>
Date:   Fri Mar 24 13:53:56 2017 +0100

   gnu: libetonyek: Update to 0.1.6.

   * gnu/packages/libreoffice.scm (libetonyek): Update to 0.1.6.
   [arguments]: Add phase 'autoreconf, because configure.ac is
patched.  Add
   configure flag "--with-mdds=1.2".
   [inputs]: Add liblangtag.
   [native-inputs]: Add autoconf and automake.
   * gnu/packages/patches/libetonyek-build-with-mdds-1.2.patch: New
file.
   * gnu/local.mk (dist_patch_DATA): Add it.

commit c2afb00f1145e136d0a97632cbd0a8dc3ccc2ca8
Author: Thomas Danckaert <thomas.danckaert@gmail.com>
Date:   Fri Mar 24 13:37:57 2017 +0100

   gnu: Add libstaroffice.

   * gnu/packages/libreoffice.scm (libstaroffice): New variable.

commit 4e70c654d52c0d93069f8ceec0face6f24cb249e
Author: Thomas Danckaert <thomas.danckaert@gmail.com>
Date:   Fri Mar 24 12:25:29 2017 +0100

   gnu: ixion: Update to 0.12.2.

   * gnu/packages/libreoffice.scm (ixion): Update to 0.12.2.
   [inputs]: Replace python-2 by python.

commit 9adf830916a244c857187be02b18b25603551781
Author: Thomas Danckaert <thomas.danckaert@gmail.com>
Date:   Fri Mar 24 12:19:22 2017 +0100

   gnu: mdds: Upgrade to 1.2.2.

   * gnu/packages/boost.scm (mdds): Upgrade to 1.2.2.

commit 5bcb40fc37b065672c3a88811dfb170a6d44908a
Author: Thomas Danckaert <thomas.danckaert@gmail.com>
Date:   Fri Mar 24 11:58:22 2017 +0100

   gnu: Add libzmf.

   * gnu/packages/libreoffice.scm (libzmf): New Variable.

Re: wrong key used for signing

[Thomas Danckaert]

[-- Attachment #1.1: Type: Text/Plain, Size: 983 bytes --]

(now actually including the signature... sigh)

From: Marius Bakke <mbakke@fastmail.com>
Subject: Re: wrong key used for signing
Date: Tue, 28 Mar 2017 15:03:23 +0200

>> If you can send a signed message (using key D77D54FD according to
>> my
>> books) containing the public key of the key used to sign these
>> commits
>> (so they can be verified), I think that is proof enough. Assuming
>> you
>> admit to making them, of course :-)
>
> To be clear, simply "vouching" for the commits in a signed message
> is
> good enough for me. It would be good to have the signing key for
> future
> reference, but if you don't want to disclose it I'm fine with that.

As Leo found out, it's just an old key (that I didn't intend to use
anymore, I should probably just revoke it).  For now, I signed it
with the new key (find it here:
http://http-keys.gnupg.net/pks/lookup?search=0x91E12B08&op=vindex).

For sake of completeness: I vouch for the commits referenced in the
attached log.

Thomas

[-- Attachment #1.2: commit.log --]
[-- Type: Text/Plain, Size: 2198 bytes --]

commit e1abe244f3810e5a1bb82ed70c2290e54d87ac95
Author: Thomas Danckaert <thomas.danckaert@gmail.com>
Date:   Fri Mar 24 14:16:54 2017 +0100

  gnu: libreoffice: Update to 5.3.1.2.

  * gnu/packages/libreoffice.scm (libreoffice): Update to 5.3.1.2.
  [inputs]: Add libstaroffice and libzmf.
  [arguments]: Remove reference to removed patch; unpack xmlsec
1.2.23 tarball.
  (xmlsec-src-libreoffice): Update to version 1.2.23 tarball.

commit 5dc2875fa279739e79c3ea7bc0bbd85814c25dcc
Author: Thomas Danckaert <thomas.danckaert@gmail.com>
Date:   Fri Mar 24 13:57:18 2017 +0100

  gnu: orcus: Update to 0.12.1.

  * gnu/packages/libreoffice.scm (orcus): Update to 0.12.1.
  [inputs]: Add python.

commit 65cb686e887d8e6311f48c716f8fd29d409db5d0
Author: Thomas Danckaert <thomas.danckaert@gmail.com>
Date:   Fri Mar 24 13:53:56 2017 +0100

  gnu: libetonyek: Update to 0.1.6.

  * gnu/packages/libreoffice.scm (libetonyek): Update to 0.1.6.
  [arguments]: Add phase 'autoreconf, because configure.ac is
patched.  Add
  configure flag "--with-mdds=1.2".
  [inputs]: Add liblangtag.
  [native-inputs]: Add autoconf and automake.
  * gnu/packages/patches/libetonyek-build-with-mdds-1.2.patch: New
file.
  * gnu/local.mk (dist_patch_DATA): Add it.

commit c2afb00f1145e136d0a97632cbd0a8dc3ccc2ca8
Author: Thomas Danckaert <thomas.danckaert@gmail.com>
Date:   Fri Mar 24 13:37:57 2017 +0100

  gnu: Add libstaroffice.

  * gnu/packages/libreoffice.scm (libstaroffice): New variable.

commit 4e70c654d52c0d93069f8ceec0face6f24cb249e
Author: Thomas Danckaert <thomas.danckaert@gmail.com>
Date:   Fri Mar 24 12:25:29 2017 +0100

  gnu: ixion: Update to 0.12.2.

  * gnu/packages/libreoffice.scm (ixion): Update to 0.12.2.
  [inputs]: Replace python-2 by python.

commit 9adf830916a244c857187be02b18b25603551781
Author: Thomas Danckaert <thomas.danckaert@gmail.com>
Date:   Fri Mar 24 12:19:22 2017 +0100

  gnu: mdds: Upgrade to 1.2.2.

  * gnu/packages/boost.scm (mdds): Upgrade to 1.2.2.

commit 5bcb40fc37b065672c3a88811dfb170a6d44908a
Author: Thomas Danckaert <thomas.danckaert@gmail.com>
Date:   Fri Mar 24 11:58:22 2017 +0100

  gnu: Add libzmf.

  * gnu/packages/libreoffice.scm (libzmf): New Variable.

[-- Attachment #2: Type: application/pgp-signature, Size: 833 bytes --]

Re: wrong key used for signing

[Leo Famulari]

[-- Attachment #1: Type: text/plain, Size: 673 bytes --]

On Tue, Mar 28, 2017 at 10:47:05AM +0200, Marius Bakke wrote:
> Thomas Danckaert <post@thomasdanckaert.be> writes:
> 
> > I accidentally used the wrong key when signing my commits to 
> > core-updates yesterday.  How can I fix this? A number of commits were 
> > already made on top of mine, so we'd need to rebase?

Thanks for pointing it out! This has spurred me to assemble a Guix
keyring.

> If you can send a signed message (using key D77D54FD according to my
> books) containing the public key of the key used to sign these commits
> (so they can be verified), I think that is proof enough. Assuming you
> admit to making them, of course :-)

Agreed!

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]