Hi Tech-Board,

I've been working for a while on an improvement to how Ubuntu developers handle their PGP keys. Without any offense, up to now it is mostly "Create a key, and somehow try to handle it safely". But throughout the population of developers I see various different interpretations of "safely" :-)
Most of those that take it rather seriously have settled on a setup that utilizes hardware keys, and I was collecting their input and experience for a while. After aligning with Stephanie at the last sprint I signed myself up to drive a public recommendation policy about what we suggest to overcome the inferior undocumented "Create a key, and somehow try to handle it safely".

After some internal rounds with early adopters as well as internal stakeholders on my initial draft, I've recently opened it up as a public PR to the project docs [1] and already got quite good feedback there. The intention is, in a while, to go further outwards with a hint pointing to the PR on ubuntu-devel or similar.

But to truly land this PR eventually I feel it needs one of you representing the TB to either say "Approved by TB" or "Debated, OK, but does not need our deep review and approval". Therefore I'd ask you for your personal review and a discussion to tell me the TB's overall stance on it.

[1]: https://github.com/ubuntu/ubuntu-project-docs/pull/182

P.S. There is more that can be done as subsequent steps in the future, but I'm intentionally trying to not let future perfection be the blocker of helpful steps today:

- Testing and documenting exact steps to do that setup. For that I'd want to get an agreement on the policy first, then distribute such keys among some of our folks and ensure we polish any rough edges by using them the way the policy says.
- There are related aspects like the Launchpad API not even having any such capability; Stephanie is trying to push for that feature and we'd adopt it here once possible. I allude to that in the presented PR, but until the capability exists I can't do much more.
- It is considered to one day make some of it mandatory, at least for roles with highly elevated permissions. But for that we need to have the above solved, as it can't be mandatory without good documentation or while leaving a huge other door (API) open.
--
Christian Ehrhardt
Director of Engineering, Ubuntu Server
Canonical Ltd

--
technical-board mailing list
https://lists.ubuntu.com/mailman/listinfo/technical-board
