Bug 71176

Comment 1 Tobias Klausmann (RETIRED) 2004-11-14 08:49:46 UTC

The following developer gpg keys are not available from pgp.mit.edu.

0x6A2D77EB    agaffney      Andrew Gaffney            
0x9AA910A9    blauwers      Bart Lauwers              
0x8F0A6315    caleb         Caleb Tennis              
0xC871249B    chrb          Chris Bainbridge          
0x7A5980EE    cjr           Chris Russell             
0xD6B49EE8    cyfred        Andrew Bevitt             
0x4747D9BE    dorileo       Leandro Dorileo           
0x36FE41CE    eklipse       Matt Jarjoura             
0x14201BBB    esammer       Eric Sammer               
0xBEAADC3A    gregf         Greg Fitzgerald           
0x7FCBD7CE    hillster      Joel Hill                 
0x45C583E6    iggy          Brian Jackson             
0x3FE637EC    jstubbs       Jason Stubbs              
0x57421777    katuyuki      Katsuyuki Konno           
0x49F69BF6    krispykringle Dan Margolis              
0x11C3411D    malc          Malcolm Lashley           
0x6C61958A    nakano        Masatomo Nakano           
0xF33A9CEF    naz           Michael Nazaroff          
0xCF7D6202    plate         Ulrich Plate              
0x60932574    randy         Michael McCabe            
0xA0C982C7    svyatogor     Sergey Kuleshov           
0x7EDC47B7    tantive       Michael Imhof             
0x3C7462D4    tester        Olivier Crête             
0xA0568509    tgall         Tom Gall                  
0x413951D2    zhware        Stoyan Zhekov             
0x8F29ED5C    zul           Chuck Short               

They might be available from other keyservers, but there should be one plae to get them all (either pgp.mit.edu or a hierarchy of keyservers like subkeys.pgp.net, I'd prefer the latter).

Comment 2 Kurt Lieber (RETIRED) 2004-11-14 08:54:38 UTC

would suggest we pick a common standard (pgp.mit.edu is my suggestion) and ask devs to publish to that server.

For any dev who needs the command:

gpg --keyserver pgp.mit.edu --send-key <your key ID here>

Comment 3 Tobias Klausmann (RETIRED) 2004-11-14 09:02:20 UTC

I think a *group* of servers might be better. Just in case pgp.mit.edu goes belly up or loses connectivity or is shutdown for good or...

I suggested subkeys because most other keyserver nets at least partially use software that is buggy (especially regarding sub-keys, but other bugs, too).

More info on the buggy keyserver software can be found on the GnuPG dev mailing lists.

Comment 4 Jason Huebel (RETIRED) 2004-11-14 13:38:59 UTC

I emailed malc regarding his key...

Comment 5 Donnie Berkholz (RETIRED) 2004-11-15 01:29:40 UTC

I agree on the subkeys -- pgp.mit.edu can't handle them, subkeys.pgp.net is preferable for anyone who uses them. And those people will probably increase as signing increases.

Is there any reason this is devrel-viewable-only?

Comment 6 Tobias Klausmann (RETIRED) 2004-12-28 05:42:09 UTC

The following keys are now available via subkeys.pgp.net:

0x45C583E6    iggy          Brian Jackson             
0x3FE637EC    jstubbs       Jason Stubbs              
0x49F69BF6    krispykringle Dan Margolis              
0x7EDC47B7    tantive       Michael Imhof             
0x3C7462D4    tester        Olivier Cr

Comment 7 Tobias Klausmann (RETIRED) 2004-12-28 05:42:09 UTC

The following keys are now available via subkeys.pgp.net:

0x45C583E6    iggy          Brian Jackson             
0x3FE637EC    jstubbs       Jason Stubbs              
0x49F69BF6    krispykringle Dan Margolis              
0x7EDC47B7    tantive       Michael Imhof             
0x3C7462D4    tester        Olivier Crête             

The rest is *still* missing.

Comment 8 Donnie Berkholz (RETIRED) 2004-12-28 10:57:37 UTC

Tobias, why don't you CC everyone who's still missing a key, and ask them to remove themselves once their key is available?

Comment 9 Tobias Klausmann (RETIRED) 2004-12-28 11:02:51 UTC

I don't know if I can add them as CC to this bug. I think I'll mail them directly and add a link to this bug.

Comment 10 Tobias Klausmann (RETIRED) 2004-12-28 11:03:40 UTC

Oh I just saw you opened the CC. Thanks.

Comment 11 Tobias Klausmann (RETIRED) 2004-12-28 11:19:01 UTC

Done. I had to exclude katuyuki@... though, Bugzilla didn't recognize that address.

Comment 12 Andrew Gaffney (RETIRED) 2004-12-28 11:26:01 UTC

I sent my key to subkeys.pgp.net. If it isn't there for some reason, CC me back on.

Comment 13 Ulrich Plate (RETIRED) 2004-12-28 13:30:38 UTC

My key has been available on both pgp.mit.edu and pgp.net for the past two years or so. I'm really not sure how I could have ended up on your list of missing keys.

http://wwwkeys.pgp.net:11371/pks/lookup?op=index&search=plate%40gentoo.org
http://pgp.mit.edu:11371/pks/lookup?search=plate%40gentoo.org&op=index

If there's anything else I need to do, please advise.

Comment 14 Tobias Klausmann (RETIRED) 2004-12-28 13:54:19 UTC

About like this:

$ gpg --search-key 0xCF7D6202
gpgkeys: WARNING: this is an *experimental* HKP interface!
gpgkeys: searching for "0xCF7D6202" from HKP server subkeys.pgp.net
gpg: key "0xCF7D6202" not found on keyserver

$ gpg --keyserver pgp.mit.edu --search-key 0xCF7D6202
gpgkeys: WARNING: this is an *experimental* HKP interface!
gpgkeys: searching for "0xCF7D6202" from HKP server pgp.mit.edu
gpg: key "0xCF7D6202" not found on keyserver

It seems this is a typo: CF7D6206 vs CF7D6202

Should be fixed on http://www.gentoo.org/proj/en/devrel/roll-call/userinfo.xml

Comment 15 Tim Yamin (RETIRED) 2004-12-28 16:06:37 UTC

Updated plate's key on userinfo.xml...

http://pgp.mit.edu:11371/pks/lookup?op=index&search=cyfred

I have no idea why my key is whats listed in userinfo.xml, but anyway, someone with cvs access to there want to change mine to the above.

Comment 17 Chris Russell (RETIRED) 2005-01-01 02:18:07 UTC

sent key to both the recommended servers,

gpg --keyserver subkeys.pgp.net --search-keys 0x7A5980EE
gpgkeys: WARNING: this is an *experimental* HKP interface!
gpgkeys: searching for "0x7A5980EE" from HKP server subkeys.pgp.net
Keys 1-1 of 1 for "0x7A5980EE"
(1)     Chris Russell (SPARC Devel) <cjr@gentoo.org>
          1024 bit DSA key 7A5980EE, created 2002-10-07

gpg --keyserver pgp.mit.edu --search-keys 0x7A5980EE
gpgkeys: WARNING: this is an *experimental* HKP interface!
gpgkeys: searching for "0x7A5980EE" from HKP server pgp.mit.edu
Keys 1-1 of 1 for "0x7A5980EE"
(1)     Chris Russell (SPARC Devel) <cjr@gentoo.org>
          1024 bit DSA key 7A5980EE, created 2002-10-07

Comment 18 Chris Bainbridge (RETIRED) 2005-01-02 07:27:17 UTC

Added key to both servers.

Comment 19 Caleb Tennis (RETIRED) 2005-01-20 17:19:48 UTC

My key has been at pgp.mit.edu for a long time now; just verified and it's still there.

Comment 20 Joel Hill (RETIRED) 2005-01-30 18:33:08 UTC

im on both sub,and mit

Comment 21 Torsten Veller (RETIRED) 2005-01-30 23:16:07 UTC

Some more missing keys (on subkeys.pgp.net):

smark
Mark Dierolf
0x66EAE719

pbienst
Peter Bienstman
0x6800A03A

wormo
Stephanie J. Lockwood-Childs
0xB16E355F

gerrynjr
Gerald J. Normandin Jr.
0xC1DBDF81

genstef
Stefan Schweizer
0xE115F4DB


These are keys listed on dev-rel/roll-call/userinfo.xml.

What about Manifest signing keys? Following keys are not available:
07B36621 0E9E10AB 1E37DA76 3526BFED 3E2C0EEA 47F5241D 562FF0A4 5CF82066 77E89745
7819772C 8201AF45 8256272E 8F01B50A 91D838A7 96E7B687 AD8D10B6 AF09E289 B0FAE1C1
BC58B271 C4BBD87A EE466ED2 F71D8D6B

Maybe this thing needs some more/better communication.

Comment 22 Peter Bienstman (RETIRED) 2005-01-31 00:31:51 UTC

My key (0x3A680371) has been added to subkeys.pgp.net. 
My key ID should also be fixed in http://www.gentoo.org/proj/en/devrel/roll-call/userinfo.xml

Comment 23 Stefan Schweizer (RETIRED) 2005-01-31 09:03:33 UTC

My key is now on the server:

gpg: searching for "0xE115F4DB" from hkp server pgp.mit.edu
(1)     Stefan Schweizer (genstef) <sschweizer <at> gmail.com>
          1024 bit DSA key E115F4DB, created: 2004-10-07

Comment 24 Wormo (RETIRED) 2005-02-01 11:26:34 UTC

Key 0xB16E355F sent to both pgp.mit.edu and subkeys.pgp.net

Comment 25 Tobias Klausmann (RETIRED) 2005-06-13 02:13:04 UTC

The following keys are *still* missing from both pgp.mit.edu and
subkeys.pgp.net, and they're all still listed on the roll-call page:

0xD6B49EE8    cyfred        Andrew Bevitt             
0x4747D9BE    dorileo       Leandro Dorileo           
0x36FE41CE    eklipse       Matt Jarjoura             
0x14201BBB    esammer       Eric Sammer               
0xBEAADC3A    gregf         Greg Fitzgerald           
0x57421777    katuyuki      Katsuyuki Konno           
0x11C3411D    malc          Malcolm Lashley           
0x6C61958A    nakano        Masatomo Nakano           
0xF33A9CEF    naz           Michael Nazaroff          
0x60932574    randy         Michael McCabe            
0xA0C982C7    svyatogor     Sergey Kuleshov           
0xA0568509    tgall         Tom Gall                  
0x413951D2    zhware        Stoyan Zhekov             
0x8F29ED5C    zul           Chuck Short               

Comment 26 Tobias Klausmann (RETIRED) 2005-11-07 05:50:50 UTC

Since it's been a while I rechecked the various keys. 

Keys newly found on subkeys.pgp.net (the owner will be romved from this bug's CC
list):

0x6C61958A    nakano        Masatomo Nakano           

Still unavailable:
0xD6B49EE8    cyfred        Andrew Bevitt             
0x4747D9BE    dorileo       Leandro Dorileo           
0x36FE41CE    eklipse       Matt Jarjoura             
0x14201BBB    esammer       Eric Sammer               
0xBEAADC3A    gregf         Greg Fitzgerald           
0x57421777    katuyuki      Katsuyuki Konno           
0x11C3411D    malc          Malcolm Lashley           
0x6C61958A    nakano        Masatomo Nakano           
0xF33A9CEF    naz           Michael Nazaroff          
0x60932574    randy         Michael McCabe            
0xA0C982C7    svyatogor     Sergey Kuleshov           
0xA0568509    tgall         Tom Gall                  
0x413951D2    zhware        Stoyan Zhekov             
0x8F29ED5C    zul           Chuck Short               

I've not yet checked if there are new developers with unknown keys, but I will
do so in the next few weeks.

Comment 27 Tobias Klausmann (RETIRED) 2006-01-10 04:14:04 UTC

I remove(d) the following from the CC list as they are no longer on the role-call page:

0xD6B49EE8    cyfred        Andrew Bevitt             
0xBEAADC3A    gregf         Greg Fitzgerald           
0x57421777    katuyuki      Katsuyuki Konno           
0xF33A9CEF    naz           Michael Nazaroff          
0x60932574    randy         Michael McCabe            

The following keys are still missing:

0x4747D9BE    dorileo       Leandro Dorileo           
0x36FE41CE    eklipse       Matt Jarjoura             
0x14201BBB    esammer       Eric Sammer               
0x11C3411D    malc          Malcolm Lashley           
0xA0C982C7    svyatogor     Sergey Kuleshov           
0xA0568509    tgall         Tom Gall                  
0x413951D2    zhware        Stoyan Zhekov             
0x8F29ED5C    zul           Chuck Short    

I'll check for new developers on the role-call page later this week.      

Comment 28 Tobias Klausmann (RETIRED) 2006-01-10 04:34:35 UTC

New developers that don't have keys ob subkeys.pgp.net:

0x3314EDFC allanonjl     John N. Laliberte 
0xBAC87090 amne          Wernfried Haas 
0xE81D9EEB codeman       Preston Cody 
0xC1DBDF81 gerrynjr      Gerald J. Normandin Jr. 
0x1FCCCC42 grobian       Fabian Groffen 
0x6321BC43 joshuabaergen Joshua Baergen 
0x65FE446E kallamej      Anders Hellgren 
0x70A1CD98 st3vie        Senno During 
0x5C4CFC79 thunder       Damian Florczyk
0x828CCD0B trombik       Tomoyuki Sakurai 
0xC7B6B129 urilith       Michael Tindal 
0x0D467F43 zaheerm       Zaheer Abbas Merali 

None of them is available from pgp.mit.edu, either.
All of those usernames have been added to this bugs' CC list as gentoo.org addresses.

This one isn't even CC'able:
0x828CCD0B trombik       Tomoyuki Sakurai 

Comment 29 Anders Hellgren 2006-01-10 10:20:27 UTC

Key uploaded.

Comment 30 Wernfried Haas (RETIRED) 2006-01-10 11:28:54 UTC

My key is here: http://pgp.mit.edu:11371/pks/lookup?search=0x16E5A780&op=index

I had an old key (0xBAC87090) which i replaced with the new one, the information shown in userinfo.xml was changed when doing this. Seems userinfo.xml was for some reason showing my old key again, it's fixed now (as it is in LDAP).
Please cc: me again if there still are problems (which i don't expect).

Comment 31 Tobias Klausmann (RETIRED) 2006-01-11 04:37:07 UTC

CC'ing plasmaroo because of the role-call bug mentioned in comment #28

Comment 32 Bryan Østergaard (RETIRED) 2006-01-12 12:05:57 UTC

I've already updated roll-call to reflect amnes new key (comment #28).

Comment 33 Joshua Baergen (RETIRED) 2006-01-22 13:25:55 UTC

I just sent my key to a keyserver, so it should be available soon.

The roll call page has my key listed incorrectly:

6321BC43
should be
6231BC43

Comment 34 Bryan Østergaard (RETIRED) 2006-01-22 14:17:47 UTC

(In reply to comment #31)
> I just sent my key to a keyserver, so it should be available soon.
> 
> The roll call page has my key listed incorrectly:
> 
> 6321BC43
> should be
> 6231BC43
> 

Fixed in ldap + roll-call.

Comment 35 Joshua Baergen (RETIRED) 2006-02-05 18:23:42 UTC

Aaaaand I'm going to have to get that changed again.  There were some issues with that previous key, and I have revoked it.  My permanent key (I promise!) is now:

FA5B44E2

Comment 36 Jakub Moc (RETIRED) 2006-07-25 17:44:04 UTC

Removing retired devs from CC.

Comment 37 Eric Sammer (RETIRED) 2006-07-26 08:16:09 UTC

The laptop with my old pgp key has died. I had to generate a new key which is now on pgp.mit.edu - 16B32BEC. I will try and get this updated on the role call page as well. (Leaving myself on CC list until then.)

Comment 38 Malcolm Lashley (RETIRED) 2006-07-26 17:15:29 UTC

CC->self::remove() 
;-)
<pgpkey>0x11C3441D</pgpkey>
is correct in userinfo.xml and is on pgp.mit.edu.

Comment 39 Tobias Klausmann (RETIRED) 2007-02-23 22:29:26 UTC

My check as of a few minutes ago shows all 328 keys mentioned on the roll call page to be available on subkeys. Finally, this bug may be closed.

Or should we keep it open as a reminder for regular checks?

Comment 40 Zaheer Abbas Merali (RETIRED) 2007-02-27 15:50:11 UTC

my key is not there, will no as soon as i get home

Comment 41 Tobias Klausmann (RETIRED) 2008-12-13 10:29:07 UTC

Thought I'd revisit this one. These are neither on subkeys.pgp.net nor on pgp.mit.edu:

0AE800D4 bunder    Chris Henhawke
42818A52 weaver    Andrey Kislyuk
4B531376 grozin    Andrey Grozin
60F8A50F darkside  Jeremy Olexa
8F856A5C nichoj    Joshua Nichols
901AB08A remi      Remi Cardona
91E5AEB2 mduft     Markus Duft
A0568509 tgall     Tom Gall
E81D9EEB codeman   Preston Cody

Comment 42 Chris Henhawke (RETIRED) 2008-12-14 16:33:51 UTC

try me again.  didn't realize i had to upload it.

Comment 43 Rémi Cardona (RETIRED) 2009-01-19 14:10:45 UTC

Mine should be on subkeys.pgp.net now (with the same key id).

Thanks and sorry for taking so long :)

Comment 44 Andrey Kislyuk (RETIRED) 2009-01-22 17:23:02 UTC

Mine is on subkeys.pgp.net as well.

Sorry for the delay!

Comment 45 Robert Buchholz (RETIRED) 2009-08-19 23:55:59 UTC

People, it's very easy. Just run 
$ gpg --keyserver subkeys.pgp.net --send-key $KEYID

The following active devs are currently missing.

codeman : E81D9EEB
darkside: 60F8A50F
mduft   : 91E5AEB2
tgall   : A0568509
volkmar : F2D5A6BE

Comment 46 Robert Buchholz (RETIRED) 2009-08-20 00:06:49 UTC

volkmar's key is now up

Comment 47 Jeremy Olexa (darkside) (RETIRED) 2009-08-20 00:18:36 UTC

When there is a requirement to sign something, I will. Until then I don't really care.

Comment 48 Markus Duft (RETIRED) 2009-08-20 06:30:57 UTC

(In reply to comment #45)
> People, it's very easy. Just run 
> $ gpg --keyserver subkeys.pgp.net --send-key $KEYID
> The following active devs are currently missing.
> mduft   : 91E5AEB2

hm. since i'm gentoo prefix on windows developer, i don't even have gpg. i created the key once on a linux machine at our company, just because i had to. i will try to find the key on that machine, but i cannot promise... :)

Comment 49 Markus Duft (RETIRED) 2009-08-20 06:34:42 UTC

also there seems to be a problem with the keyserver:

gpg: sending key 91E5AEB2 to hkp server subkeys.gpg.net
gpgkeys: HTTP post error 22: The requested URL returned error: 503
gpg: keyserver internal error
gpg: keyserver send failed: Keyserver error

Comment 50 Petteri Räty (RETIRED) 2009-08-20 17:28:56 UTC

(In reply to comment #48)
> 
> hm. since i'm gentoo prefix on windows developer, i don't even have gpg. i
> created the key once on a linux machine at our company, just because i had to.
> i will try to find the key on that machine, but i cannot promise... :)
> 

Just don't loose your ssh public keys as GPG is the way you can reset them.

Comment 51 Markus Duft (RETIRED) 2010-01-26 10:34:23 UTC

finally, i managed to submit my key, after taking a while to crawl through gpg man pages :)

Key with ID 7FF324F6 used to sign manifest of www-client/qupzila is not accessible via keyservers

Comment 53 Pacho Ramos 2014-11-15 18:28:09 UTC

Not sure what is the status of this currently... and what actions are supposed to be taken by comrel, are you sure this is assigned properly?

Comment 54 Justin Lecher (RETIRED) 2014-11-16 10:15:58 UTC

(In reply to Pacho Ramos from comment #53)
> Not sure what is the status of this currently... and what actions are
> supposed to be taken by comrel, are you sure this is assigned properly?

Perhaps the gentoo-keys project should take this over.

Comment 55 Pacho Ramos 2014-11-21 17:55:27 UTC

(In reply to Justin Lecher from comment #54)
> (In reply to Pacho Ramos from comment #53)
> > Not sure what is the status of this currently... and what actions are
> > supposed to be taken by comrel, are you sure this is assigned properly?
> 
> Perhaps the gentoo-keys project should take this over.

I agree :)

missing key used to sign sci-visualization/gnuplot:
0xC719EE20

Comment 57 Kristian Fiskerstrand (RETIRED) 2015-02-28 14:27:17 UTC

(In reply to Christian Apeltauer from comment #56)
> missing key used to sign sci-visualization/gnuplot:
> 0xC719EE20

Hi Haubi, as far as I can see this is your key, can you make it available on the pool.sks-keyservers.net keyserver?

Comment 58 Michael Haubenwallner (RETIRED) 2015-03-02 10:21:51 UTC

(In reply to Kristian Fiskerstrand from comment #57)

done, thanks!

Comment 59 Kristian Fiskerstrand (RETIRED) 2015-03-02 14:50:35 UTC

(In reply to Michael Haubenwallner from comment #58)
> (In reply to Kristian Fiskerstrand from comment #57)
> 
> done, thanks!

Hmm, I still don't see it on the keyserver network, can you confirm that 0xC719EE20 is indeed your key? (the only one I see for you on the network is a 1024 bit DSA key from 2007 with long keyID 0x2DCD1358A630CCB8 )

Comment 60 Michael Haubenwallner (RETIRED) 2015-03-02 17:56:26 UTC

(In reply to Kristian Fiskerstrand from comment #59)
> Hmm, I still don't see it on the keyserver network, can you confirm that
> 0xC719EE20 is indeed your key?

Yes, that's the new one.
Looks like some firewall problem thunderbird fails to yell about - unlike commandline actually. Uploading via ssh-tunnel seems to have worked now...

> (the only one I see for you on the network is
> a 1024 bit DSA key from 2007 with long keyID 0x2DCD1358A630CCB8 )

Yes, that's the old one.

Comment 61 Kristian Fiskerstrand (RETIRED) 2015-03-02 18:00:25 UTC

(In reply to Michael Haubenwallner from comment #60)
> (In reply to Kristian Fiskerstrand from comment #59)
> > Hmm, I still don't see it on the keyserver network, can you confirm that
> > 0xC719EE20 is indeed your key?
> 
> Yes, that's the new one.
> Looks like some firewall problem thunderbird fails to yell about - unlike
> commandline actually. Uploading via ssh-tunnel seems to have worked now...

Thanks, can confirm it is available now, fwiw, --keyserver hkp://p80.pool.sks-keyservers.net:80 can be used behind most firewalls as it is regular HTTP request on standard port :)

Comment 62 Kristian Fiskerstrand (RETIRED) 2017-01-04 22:05:18 UTC

Please open another bug if developer keyblocks are unavailable on generally accessible keyservers