Signed-off-by: Mike Gilbert <flop...@gentoo.org>
---
glep-0063.rst | 24 ++++++++++++++++++++----
1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/glep-0063.rst b/glep-0063.rst
index 82541bd..4191709 100644
--- a/glep-0063.rst
+++ b/glep-0063.rst
@@ -7,10 +7,10 @@ Author: Robin H. Johnson <robb...@gentoo.org>,
Michał Górny <mgo...@gentoo.org>
Type: Standards Track
Status: Final
-Version: 2.1
+Version: 2.2
Created: 2013-02-18
-Last-Modified: 2019-11-07
-Post-History: 2013-11-10, 2018-07-03, 2018-07-21, 2019-02-24
+Last-Modified: 2020-12-17
+Post-History: 2013-11-10, 2018-07-03, 2018-07-21, 2019-02-24, 2020-12-17
Content-Type: text/x-rst
---
@@ -28,6 +28,9 @@ OpenPGP key management policies for the Gentoo Linux
distribution.
Changes
=======
+v2.2
+ Added "Gentoo Keyserver" section under "Gentoo Infrastructure" chapter.
+
v2.1
A requirement for an encryption key has been added, in order to extend
the GLEP beyond commit signing and into use of OpenPGP for dev-to-dev
@@ -135,8 +138,11 @@ their primary key).
5. Encrypted backup of your secret keys.
+Gentoo Infrstructure
+====================
+
Gentoo LDAP
-===========
+-----------
All Gentoo developers must list the complete fingerprint for their primary
keys in the "``gpgfingerprint``" LDAP field. It must be exactly 40 hex digits,
@@ -147,6 +153,16 @@ of the fingerprint field. In any place that presently
displays
the "``gpgkey``" field, the last 16 hex digits of the fingerprint should
be displayed instead.
+Gentoo Keyserver
+----------------
+
+Gentoo infrastructure uses a keyserver that is isolated from the SKS pool.
+This keyserver is restricted to accepting uploads from authorized Gentoo hosts.
+A script is provided on dev.gentoo.org to allow developers to upload their
+keys.
+
+``gpg --export KEYID | ssh dev.gentoo.org /usr/local/bin/openpgp-key-upload``
+
Backwards Compatibility
=======================
--
2.29.2
