
Bug 681802

Summary: GLEP 63: Require encryption subkey, and make primary certify-only
Product: Documentation
Reporter: Michał Górny <mgorny>
Component: GLEP Changes
Assignee: GLEP Editors <glep>
Status: RESOLVED FIXED
Severity: normal
CC: council
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-03-26 15:27:26 UTC
Patch sent for review:
https://archives.gentoo.org/gentoo-dev/message/be1f2aa498ebbd7d83110b52c5a9260e

No replies for over a month.  I would like to request the Council to vote on approving this update.
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-05-02 05:41:07 UTC
This was approved in the April meeting with 5 yes votes and 1 abstention.  Since the log has not been uploaded yet (sigh!), here's the relevant quote:

[21:51:49] <WilliamH> Ok, vote on whether or not to update glep 63 to require encryption subkey and mrecommend that primary key be for certification only:
[21:51:56] <WilliamH> recommend *
[21:52:06] -*- Whissi yes
[21:52:07] -*- dilfridge yes
[21:52:08] -*- K_F yes
[21:52:21] -*- leio yes
[21:52:34] -*- WilliamH abstain
[21:52:39] -*- ulm yes
[21:52:47] <WilliamH> The motion carries
Comment 2 Ulrich Müller gentoo-dev 2019-05-02 11:52:01 UTC
(In reply to Michał Górny from comment #1)
> Since the log has not been uploaded yet (sigh!), [...]

But the log has been committed (and pushed) already on 2019-04-21:

https://gitweb.gentoo.org/sites/projects/council.git/commit/?id=af44ee6905f65a252f8a89c541098d0927a4fa43

commit af44ee6905f65a252f8a89c541098d0927a4fa43
Author: William Hubbs <williamh@gentoo.org>
Date:   Sun Apr 21 12:56:22 2019 -0500

    Add log for 2019-04-14 meeting
    
    Signed-off-by: William Hubbs <williamh@gentoo.org>
Comment 3 Larry the Git Cow gentoo-dev 2019-05-02 16:40:39 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/data/glep.git/commit/?id=6e8b76cf97c599812b443856450fae92d013ec3e

commit 6e8b76cf97c599812b443856450fae92d013ec3e
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2019-02-24 09:18:13 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2019-05-02 05:42:48 +0000

    glep-0063: Require encryption subkey, and make primary certify-only
    
    Following the recent mailing list discussion indicating that developers
    are taking GLEP 63 as only source of truth about OpenPGP keys, and can
    make assumption that if encryption key is not listed there they should
    not have one.  Amend the specification to extend it beyond the previous
    limited scope of commit signing, and require an encryption key
    appropriately.  This matches the GnuPG defaults.
    
    While at it, add a recommendation that the primary key is certify-only.
    Other usage is implicitly discouraged anyway via requiring subkeys.
    Originally this recommendation was omitted as I wasn't aware that gpg
    had a (hidden) option to change usage of existing keys.
    
    Closes: https://bugs.gentoo.org/681802
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 glep-0063.rst | 43 +++++++++++++++++++++++++++++--------------
 1 file changed, 29 insertions(+), 14 deletions(-)
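
The two key properties named in the commit message above (a usable encryption subkey, and a primary key whose own usage is certify-only) can be checked from GnuPG's machine-readable key listing. This is an added example, not part of the bug report, GLEP 63 or Gentoo's tooling; the `audit` function and the sample listings with their key IDs are constructed for illustration.

```python
# Added example (not from the bug report or GLEP 63): audit the output of
#   gpg --list-keys --with-colons <key>

# Constructed sample listings; key IDs and timestamps are made up.
GOOD = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1550000000:1613072000::u:::cSCE:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1550000000:1581536000:::::s:
sub:u:4096:1:CCCCCCCCCCCCCCCC:1550000000:1581536000:::::e:
"""
BAD = """\
pub:u:4096:1:DDDDDDDDDDDDDDDD:1550000000:::u:::scSC:
sub:r:4096:1:EEEEEEEEEEEEEEEE:1550000000::::::e:
"""

# Field 2 validity codes that make a key unusable:
# invalid, disabled, revoked, expired, not valid.
UNUSABLE = set("idren")


def audit(listing):
    """Return a list of findings for the first key in a colon listing."""
    findings = []
    seen_primary = False
    has_encryption_subkey = False
    for line in listing.splitlines():
        fields = line.split(":")
        if len(fields) < 12 or fields[0] not in ("pub", "sub"):
            continue
        record, validity, caps = fields[0], fields[1], fields[11]
        if record == "pub":
            if seen_primary:
                break  # a second key starts here; audit only the first
            seen_primary = True
            # On the pub record, lowercase letters are the primary key's own
            # usage; uppercase letters summarise the key as a whole.
            own = {c for c in caps if c.islower()}
            if own != {"c"}:
                findings.append("primary key usage is '%s', expected certify-only"
                                % "".join(sorted(own)))
        elif "e" in caps and validity not in UNUSABLE:
            has_encryption_subkey = True
    if not has_encryption_subkey:
        findings.append("no usable encryption subkey")
    return findings


if __name__ == "__main__":
    for name, listing in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(listing) or "ok")
```

A revoked or expired encryption subkey is deliberately not counted, so a key whose only encryption subkey has lapsed is reported the same way as one that never had it.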