Re: [ClusterLabs] [ClusterLabs Developers] [HA/ClusterLabs Summit] Key-Signing Party, 2017 Edition

2017-09-06 Thread Jan Pokorný
On 24/07/17 16:59 +0200, Jan Pokorný wrote:
> On 23/07/17 12:32 +0100, Adam Spiers wrote:
>> Jan Pokorný  wrote:
>>> So, going to attend summit and want your key signed while reciprocally
>>> spreading the web of trust?
>>> Awesome, let's reuse the steps from the last time:
>>> 
>>> Once you have a key pair (and provided that you are using GnuPG),
>>> please run the following sequence:
>>> 
>>>   # figure out the key ID for the identity to be verified;
>>>   # IDENTITY is either your associated email address/your name
>>>   # if only single key ID matches, specific key otherwise
>>>   # (you can use "gpg -K" to select a desired ID at the "sec" line)
>>>   KEY=$(gpg --with-colons 'IDENTITY' | grep '^pub' | cut -d: -f5)
>> 
>> AFAICS this has two problems: it's missing a --list-key option,
> 
> Bummer!  I've been checking the original thread(s) for responses from
> others, but forgot to check my own:
> http://lists.linux-ha.org/pipermail/linux-ha/2015-January/048511.html
> 
> Thanks for spotting (and the public key already sent), Adam.
> 
>> and it doesn't handle multiple matches for 'IDENTITY'.  So to make it
>> choose the newest key if there are several:
>> 
>>    read IDENTITY
>>    KEY=$(gpg --with-colons --list-key "$IDENTITY" | grep '^pub' |
>>          sort -t: -nr -k6 | head -n1 | cut -d: -f5)
> 
> Good point.  Hopefully affected persons, allegedly heavy users of GPG,
> are capable of adapting on-the-fly anyway :-)
> 
>>>  # export the public key to a file that is suitable for exchange
>>>  gpg --export -a -- $KEY > $KEY
>>> 
>>>  # verify that you have an expected data to share
>>>  gpg --with-fingerprint -- $KEY

Thanks to the attendees, and I am sorry for not responding to the ones
with on-the-edge submissions -- there was actually an active one
accepted and I've refreshed the authoritative record about the event
at https://people.redhat.com/jpokorny/keysigning/2017-ha/ accordingly
(see '*2.*' suffixes).

I'd also kindly ask the actual attendees (one person skipped the
event) to do the remaining signing work within the month at the latest.
You can just grab the key of the other, already verified party from
the linked source (or the well-known key server if present), sign it,
and then (IMHO) preferably send the signed key back to the original
person at one of his/her listed email addresses, again (IMHO) preferably
in an encrypted form.  There are various tools to help with this workflow
at scale, such as PIUS (https://github.com/jaymzh/pius) to give an
example, but YMMV.

May the web of trust be with you.

-- 
Jan (Poki)


___
Users mailing list: Users@clusterlabs.org
http://lists.clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org


Re: [ClusterLabs] [ClusterLabs Developers] [HA/ClusterLabs Summit] Key-Signing Party, 2017 Edition

2017-07-24 Thread Jan Pokorný
On 23/07/17 12:32 +0100, Adam Spiers wrote:
> Jan Pokorný  wrote:
>> So, going to attend summit and want your key signed while reciprocally
>> spreading the web of trust?
>> Awesome, let's reuse the steps from the last time:
>> 
>> Once you have a key pair (and provided that you are using GnuPG),
>> please run the following sequence:
>> 
>>   # figure out the key ID for the identity to be verified;
>>   # IDENTITY is either your associated email address/your name
>>   # if only single key ID matches, specific key otherwise
>>   # (you can use "gpg -K" to select a desired ID at the "sec" line)
>>   KEY=$(gpg --with-colons 'IDENTITY' | grep '^pub' | cut -d: -f5)
> 
> AFAICS this has two problems: it's missing a --list-key option,

Bummer!  I've been checking the original thread(s) for responses from
others, but forgot to check my own:
http://lists.linux-ha.org/pipermail/linux-ha/2015-January/048511.html

Thanks for spotting (and the public key already sent), Adam.

> and it doesn't handle multiple matches for 'IDENTITY'.  So to make it
> choose the newest key if there are several:
> 
>    read IDENTITY
>    KEY=$(gpg --with-colons --list-key "$IDENTITY" | grep '^pub' |
>          sort -t: -nr -k6 | head -n1 | cut -d: -f5)

Good point.  Hopefully affected persons, allegedly heavy users of GPG,
are capable of adapting on-the-fly anyway :-)

>>  # export the public key to a file that is suitable for exchange
>>  gpg --export -a -- $KEY > $KEY
>> 
>>  # verify that you have an expected data to share
>>  gpg --with-fingerprint -- $KEY

-- 
Jan (Poki)




Re: [ClusterLabs] [ClusterLabs Developers] [HA/ClusterLabs Summit] Key-Signing Party, 2017 Edition

2017-07-24 Thread Kristoffer Grönlund
Jan Pokorný  writes:

> Hello cluster masters :-)
>
> as there's little less than 7 weeks left to "The Summit" meetup
> (), it's about time to get the ball
> rolling so we can voluntarily augment the digital trust amongst
> us the attendees, on OpenGPG basis.
>
> Doing that, we'll actually establish a tradition since this will
> be the second time such event is being kicked off (unlike the birds
> of the feather gathering itself, was edu-feathered back then):
>
>   
>   
>
> If there are no objections, yours truly will conduct this undertaking.
> (As an aside, I am toying with an idea of optimizing the process
> a bit now that many keys are cross-signed already; I doubt there's
> a value of adding identical signatures just with different timestamps,
> unless, of course, the inscribed level of trust is going to change,
> presumably elevate -- any comments?)

Hi Jan,

No objections from me, thank you for taking charge of this!

Cheers,
Kristoffer


>
> * * *
>
> So, going to attend summit and want your key signed while reciprocally
> spreading the web of trust?
> Awesome, let's reuse the steps from the last time:
>
> Once you have a key pair (and provided that you are using GnuPG),
> please run the following sequence:
>
> # figure out the key ID for the identity to be verified;
> # IDENTITY is either your associated email address/your name
> # if only single key ID matches, specific key otherwise
> # (you can use "gpg -K" to select a desired ID at the "sec" line)
> KEY=$(gpg --with-colons 'IDENTITY' | grep '^pub' | cut -d: -f5)
>
> # export the public key to a file that is suitable for exchange
> gpg --export -a -- $KEY > $KEY
>
> # verify that you have an expected data to share
> gpg --with-fingerprint -- $KEY
>
> with IDENTITY adjusted as per the instruction above, and send me the
> resulting $KEY file, preferably in a signed (or even encrypted[*]) email
> from an address associated with that very public key of yours.
>
> Timeline?
> Please, send me your public keys *by 2017-09-05*, off-list and
> best with [key-2017-ha] prefix in the subject.  I will then compile
> a list of the attendees together with their keys and publish it at
> 
> so it can be printed beforehand.
>
> [*] You can find my public key at public keyservers:
> 
> Indeed, the trust in this key should be ephemeral/one-off
> (e.g. using a temporary keyring, not a universal one before we
> proceed with the signing :)
>
> * * *
>
> Thanks for your cooperation, looking forward to this side stage
> (but nonetheless important if release or commit[1] signing is to get
> traction) happening and hope this will be beneficial to all involved.
>
> See you there!
>
>
> [1] for instance, see:
> 
> 
>
> -- 
> Jan (Poki)

-- 
// Kristoffer Grönlund
// kgronl...@suse.com



Re: [ClusterLabs] [ClusterLabs Developers] [HA/ClusterLabs Summit] Key-Signing Party, 2017 Edition

2017-07-23 Thread Adam Spiers

Hi Jan :-)

Jan Pokorný wrote:
> Hello cluster masters :-)
>
> as there's little less than 7 weeks left to "The Summit" meetup
> (), it's about time to get the ball
> rolling so we can voluntarily augment the digital trust amongst
> us the attendees, on OpenGPG basis.
>
> Doing that, we'll actually establish a tradition since this will
> be the second time such event is being kicked off (unlike the birds
> of the feather gathering itself, was edu-feathered back then):
>
>
> If there are no objections, yours truly will conduct this undertaking.

Awesome, thanks for volunteering to do this!

[snipped]

> So, going to attend summit and want your key signed while reciprocally
> spreading the web of trust?
> Awesome, let's reuse the steps from the last time:
>
> Once you have a key pair (and provided that you are using GnuPG),
> please run the following sequence:
>
>    # figure out the key ID for the identity to be verified;
>    # IDENTITY is either your associated email address/your name
>    # if only single key ID matches, specific key otherwise
>    # (you can use "gpg -K" to select a desired ID at the "sec" line)
>    KEY=$(gpg --with-colons 'IDENTITY' | grep '^pub' | cut -d: -f5)

AFAICS this has two problems: it's missing a --list-key option,
and it doesn't handle multiple matches for 'IDENTITY'.  So to make it
choose the newest key if there are several:

   read IDENTITY
   KEY=$(gpg --with-colons --list-key "$IDENTITY" | grep '^pub' |
         sort -t: -nr -k6 | head -n1 | cut -d: -f5)

HTH,
Adam
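
Added example (not part of the original thread and not any poster's code): the newest-key pipeline from this thread run against a constructed `--with-colons` listing, next to an awk variant that goes one step further by skipping revoked or expired keys and printing the primary key fingerprint that gets compared at the party. It assumes GnuPG 2.x colon records (field 2 validity, field 6 creation time in epoch seconds, fingerprint in field 10 of `fpr`); the function names and all key material are made up.

```sh
#!/bin/sh
# Constructed sample of `gpg --with-colons --list-keys IDENTITY` output
# (GnuPG 2.x record layout; key IDs, fingerprints and dates are made up).
sample_listing() {
cat <<'EOF'
pub:r:4096:1:1111AAAA1111AAAA:1500000000:::-:::sc:
fpr:::::::::0123456789ABCDEF012345671111AAAA1111AAAA:
uid:r::::1500000000::::Alice Example <alice@example.org>:
pub:u:2048:1:2222BBBB2222BBBB:1300000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF012345672222BBBB2222BBBB:
uid:u::::1300000000::::Alice Example <alice@example.org>:
sub:u:2048:1:4444DDDD4444DDDD:1300000000::::::e:
fpr:::::::::0123456789ABCDEF012345674444DDDD4444DDDD:
pub:e:2048:1:3333CCCC3333CCCC:1400000000:1450000000::-:::sc:
fpr:::::::::0123456789ABCDEF012345673333CCCC3333CCCC:
EOF
}

# The pipeline from the thread: newest "pub" record by creation time (field 6).
pick_newest_any() {
    grep '^pub' | sort -t: -nr -k6 | head -n1 | cut -d: -f5
}

# Same idea, but skip keys whose validity (field 2) is revoked, expired,
# disabled or invalid, and also print the primary key fingerprint.
# Exits non-zero when no usable key is found.
pick_newest_usable() {
    awk -F: '
        $1 == "pub" {
            take = ($2 !~ /^[redi]$/ && $6 + 0 > best)
            if (take) { best = $6 + 0; id = $5; fpr = "" }
            want_fpr = take
            next
        }
        $1 == "sub" { want_fpr = 0 }   # fpr records after a sub are subkeys
        $1 == "fpr" && want_fpr { fpr = $10; want_fpr = 0 }
        END { if (id == "") exit 1; print id, fpr }
    '
}

sample_listing | pick_newest_any      # the revoked key wins on creation time
sample_listing | pick_newest_usable   # the still-valid key, with fingerprint
```

With a real keyring, replace `sample_listing` with `gpg --with-colons --list-keys "$IDENTITY"`.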

