Skip to content

added Tobias Mueller#17

Closed
muelli wants to merge 3 commits into
debops:masterfrom
muelli:master
Closed

added Tobias Mueller#17
muelli wants to merge 3 commits into
debops:masterfrom
muelli:master

Conversation

@muelli

@muelli muelli commented Feb 10, 2017

Copy link
Copy Markdown

To be able to create a changelog entry for debops/ansible-apache#9

@ypid ypid left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Going all the way, nice. Welcome! 👍 But please read the docs of the keyring again. Your commit in this repo MUST be signed (along with other REQUIREMENTS and SUGGESTIONS).

@drybjed

drybjed commented Feb 10, 2017

Copy link
Copy Markdown
Member

@ypid It seems that one of you OpenPGP keys has expired: https://travis-ci.org/debops/debops-keyring/builds/167402145#L197

Comment thread keyids Outdated
0x5FE92C12EE88E1F0 Robin Schneider <ypid>
0x489A4D5EC353C98A Robin Schneider <ypid>
0xDAA9DC5E750C1E85 Aleksey Gavrilov <le9i0nx>
0x610CB25237B370E9EB2108E89CEE1B6B059B598E <muelli>

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Your name is missing here which makes CI tests fail.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, please check the source to see if full fingerprints instead of keyids are supported.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@muelli I think that you still need to add your name here for the test to pass.

@ypid

ypid commented Feb 10, 2017

Copy link
Copy Markdown
Member

@drybjed Could be the issue, I will check that in a few hours.

@drybjed

drybjed commented Feb 11, 2017

Copy link
Copy Markdown
Member

@muelli Can you rebase this PR on latest changes in the repository and push to the same branch? Let's see if it works now.

@drybjed

drybjed commented Feb 11, 2017

Copy link
Copy Markdown
Member

@muelli Got some progress! Now you just need to use a shorter fingerprint and it should be fine. Seems that the test script doesn't handle that automatically.

@ypid

ypid commented Feb 11, 2017

Copy link
Copy Markdown
Member

@drybjed is right, the keyring format uses full ID but not the fingerprint. But don’t worry, the script will include your fingerprint from the OpenPGP key on https://docs.debops.org/en/latest/debops-keyring/docs/entities.html

@ypid ypid left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please make a changelog entry. You can now use the format which hyperlinks to the page which is just about to contain your entry. Note that your entry in https://docs.debops.org/en/latest/debops-keyring/docs/entities.html links to your user page in the DebOps wiki which you can create if you want.

@muelli

muelli commented Feb 11, 2017

Copy link
Copy Markdown
Author

Now you just need to use a shorter fingerprint and it should be fine. Seems that the test script doesn't handle that automatically.

hm. you mean in the keyids file?
I can do that, but what's the reasoning there? It seems very arbitrary to me. I mean, for using longids you need to actively configure gnupg. And being a lazy person, I assume there is a reason which justifies performing that extra work. GnuPG seems to easily show either short ids (by default) or full fingerprints (with --fingerprint). I think I can guess why you're not using the easiest of those, the short keyids. You're probably concerned about the security, because short keyids can easily be collided. But then why don't go for the full fingerprint? That's easier to use, due to the --fingerprint flag and also much more secure, because long keyids can also easily be collided. By using the full 160 bit fingerprint, not only does one not have to configure GnuPG, but you also don't fall for non existing security properties.

@ypid

ypid commented Feb 11, 2017

Copy link
Copy Markdown
Member

Simple, as Debian is our role model here: https://anonscm.debian.org/git/keyring/keyring.git/tree/debian-nonupload-gpg

Hm, we have a hard requirement of >= 2048 bits key length (RSA) which your OpenPGP key does not meet. 1024 is not appropriate anymore unfortunately. You should regen it. That is unfortunate, also because your current key has an impressive number of signatures. Great work!

@drybjed

drybjed commented Oct 5, 2017

Copy link
Copy Markdown
Member

@muelli Did you manage to renew your GPG key? If not, I'll close this PR for now, to allow the merge of the DebOps roles and playbooks into one git repository, we can get back to PR after that happens.

@drybjed

drybjed commented Oct 20, 2017

Copy link
Copy Markdown
Member

I'm closing this PR in preparation of the project repository merge during weekend. I'm not sure yet what will happen with the keyring repository, we can get back to it later.

@drybjed drybjed closed this Oct 20, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants