| Summary: | WKD: Disable www redirects for gentoo.org or provide keys at openpgpkey.gentoo.org | | |
|---|---|---|---|
| Product: | Gentoo Infrastructure | Reporter: | David Sardari <d> |
| Component: | Other web server issues | Assignee: | Gentoo Infrastructure <infra-bugs> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | d, gentoo, mgorny |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=922727 | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |

Description
David Sardari
2022-10-20 22:11:50 UTC
Honestly, I'd rather admit that it's 2022 and reverse the redirect rather than forcing www. like we were living in the 90s.

The only drawback of only using the apex domain (gentoo.org) that comes to mind is the scope of cookies if they are set with "domain=gentoo.org" attribute:

> The Domain attribute specifies which hosts can receive a cookie.
> If unspecified, the attribute defaults to the same host
> that set the cookie, excluding subdomains.
> If Domain is specified, then subdomains are always included.
> Therefore, specifying Domain is less restrictive than omitting it.

Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#domain_attribute

In that case, the cookies can be used for the apex domain as well as all subdomains which is most likely s.th. that isn't desired.

app-portage/gemato only supports the WKD fetch of public keys that are hosted on the apex domain:
https://github.com/projg2/gemato/blob/805ca36a222c5649b16134e818f8c8b23415c7a2/gemato/openpgp.py#L70

WKD advanced is online again.
```
$ T=$(mktemp -d) ; gpg --homedir $T --auto-key-locate wkd --locate-external-keys infrastructure@gentoo.org releng@gentoo.org repomirrorci@gentoo.org ; rm -rf "$T"
gpg: keybox '/tmp/tmp.KcIpfNLMh3/pubring.kbx' created
gpg: /tmp/tmp.KcIpfNLMh3/trustdb.gpg: trustdb created
gpg: key A13D0EF1914E7A72: public key "Gentoo repository mirrors (automated git signing key) <repomirrorci@gentoo.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
gpg: key 9E6438C817072058: public key "Gentoo Linux Release Engineering (Gentoo Linux Release Signing Key) <releng@gentoo.org>" imported
gpg: key BB572E0E2D182910: public key "Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>" imported
gpg: Total number processed: 2
gpg: imported: 2
gpg: no ultimately trusted keys found
gpg: key DB6B8C1F96D8BF6D: public key "Gentoo ebuild repository signing key (Automated Signing Key) <infrastructure@gentoo.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
pub rsa4096 2018-05-28 [C] [expires: 2024-07-01]
      EF9538C9E8E64311A52CDEDFA13D0EF1914E7A72
uid [ unknown] Gentoo repository mirrors (automated git signing key) <repomirrorci@gentoo.org>
sub rsa2048 2018-05-28 [S] [expires: 2024-07-01]

pub dsa1024 2004-07-20 [SC] [expires: 2024-01-01]
      D99EAC7379A850BCE47DA5F29E6438C817072058
uid [ unknown] Gentoo Linux Release Engineering (Gentoo Linux Release Signing Key) <releng@gentoo.org>
sub elg2048 2004-07-20 [E] [expires: 2024-01-01]

pub rsa4096 2011-11-25 [C] [expires: 2024-07-01]
      DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D
uid [ unknown] Gentoo ebuild repository signing key (Automated Signing Key) <infrastructure@gentoo.org>
sub rsa4096 2011-11-25 [S] [expires: 2024-07-01]
```