Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 659856 - slis: Non-conformant OpenPGP key
Summary: slis: Non-conformant OpenPGP key
Status: RESOLVED OBSOLETE
Alias: None
Product: Gentoo Infrastructure
Classification: Unclassified
Component: Developer account issues (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Sławek Lis (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 659842
  Show dependency tree
 
Reported: 2018-07-02 13:30 UTC by Michał Górny
Modified: 2018-08-01 19:59 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2018-07-02 13:30:05 UTC 
Your key does not meet minimal requirements set forth in GLEP 63 [1].  glep63-check [2] reports:

419CC94155265D89 [Sławomir Lis <lis.slawek@gmail.com>] [E] expire:none No expiration date on public key (<3 years recommended, 5 years max)
419CC94155265D89:ED51C49F388A92E4 [Sławomir Lis <lis.slawek@gmail.com>] [W] subkey:multipurpose Subkey has multiple capabilities enabled (has: [esa]; use dedicated subkeys!)
419CC94155265D89:ED51C49F388A92E4 [Sławomir Lis <lis.slawek@gmail.com>] [E] expire:none No expiration date on public key (<3 years recommended, 5 years max)
419CC94155265D89 [Sławomir Lis <lis.slawek@gmail.com>] [E] subkey:none Having a dedicated signing subkey is required
419CC94155265D89 [Sławomir Lis <lis.slawek@gmail.com>] [W] uid:nogentoo @gentoo.org e-mail not in key UIDs


Please revoke that multi-purpose subkey, create *dedicated* subkeys for encryption and signing (I honestly doubt you use auth), set expiration dates according to GLEP 63 and add your @gentoo.org address to UIDs [1].


[1]:https://www.gentoo.org/glep/glep-0063.html
[2]:https://github.com/mgorny/glep63-check
Comment 1 Sławek Lis (RETIRED) gentoo-dev 2018-07-03 07:13:39 UTC 
New key generated and sent. Key id 0x5A970F6D6B0B4E22
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2018-07-03 11:17:07 UTC 
Generating a new key wasn't really necessary.  In any case, the new key looks fine.  Please don't forget to update LDAP.
Comment 3 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2018-08-01 19:59:36 UTC 
Since GLEP 63 has changed, I'm closing the bugs as OBSOLETE.