Re: bug#67790: New signing key

2023-12-15 Thread Leo Famulari
On Fri, Dec 15, 2023 at 06:06:26AM +, John Kehayias wrote:
> I suppose I should have been more specific than "something bad" :) I
> merely meant this wasn't an actual security issue of losing control of
> a private key, but merely moving to a new one for other reasons.

The old key "expired" last summer. I had been faking the date for months
to work around that. I did not feel motivated to change the expiration
date or to remove the expiration date either :)

It was easier to make a new key.



Re: bug#67790: New signing key

2023-12-14 Thread John Kehayias
On Thu, Dec 14, 2023 at 11:16 AM, Leo Famulari wrote:

> On Wed, Dec 13, 2023, at 22:17, John Kehayias wrote:
>> And I assume all this was just to use a new key (did I see some
>> mention of subkeys on #guix? that's what I use) and not because of
>> something bad happening to the old one right?
>
> I don't know if anything bad happened to the old key. That's
> fundamentally unknowable. But I decided to start using a new key.

I suppose I should have been more specific than "something bad" :) I
merely meant this wasn't an actual security issue of losing control of
a private key, but merely moving to a new one for other reasons.

In any event, this is a good reminder (to myself) to have backups of
private keys somewhere safe!




Re: bug#67790: New signing key

2023-12-14 Thread Leo Famulari
On Wed, Dec 13, 2023, at 22:17, John Kehayias wrote:
> And I assume all this was just to use a new key (did I see some
> mention of subkeys on #guix? that's what I use) and not because of
> something bad happening to the old one right?

I don't know if anything bad happened to the old key. That's fundamentally 
unknowable. But I decided to start using a new key.



Re: bug#67790: New signing key

2023-12-13 Thread John Kehayias
On Wed, Dec 13, 2023 at 09:10 PM, Leo Famulari wrote:

> On Tue, Dec 12, 2023 at 12:02:33PM -0500, Maxim Cournoyer wrote:
>> Note that I believe you can simply update to your new key yourself.
>> You'll want to add your new key to the keyring branch, then adjust the
>> .guix-authorizations file with its new keygrip.
>
> Thanks, I pushed to 'keyring' as
> 935e3c9e93548a566cf3b3039b0822d4179974e4, and to 'master' as
> 4c4222f32a2906b7bcab74fab70ff2c2f152e8eb.
>

Just saw, thanks for the update.

And I assume all this was just to use a new key (did I see some
mention of subkeys on #guix? that's what I use) and not because of
something bad happening to the old one right?

John




Re: bug#67790: New signing key

2023-12-13 Thread Leo Famulari
On Tue, Dec 12, 2023 at 12:02:33PM -0500, Maxim Cournoyer wrote:
> Note that I believe you can simply update to your new key yourself.
> You'll want to add your new key to the keyring branch, then adjust the
> .guix-authorizations file with its new keygrip.

Thanks, I pushed to 'keyring' as
935e3c9e93548a566cf3b3039b0822d4179974e4, and to 'master' as
4c4222f32a2906b7bcab74fab70ff2c2f152e8eb.




Re: bug#67790: New signing key

2023-12-12 Thread Maxim Cournoyer
Hi,

Maxim Cournoyer  writes:

> Hi,
>
> Leo Famulari  writes:
>
>> Hello,
>>
>> I'm changing my Guix signing key from
>> B0515948F1E7D3C1B98038A02646FA30BACA7F08 to
>> 68407224D3A64EE53EAC6AAC1963757F47FF.
>>
>> Patches to follow. Testing is appreciated!
>
> Thanks for the heads-up!

Note that I believe you can simply update to your new key yourself.
You'll want to add your new key to the keyring branch, then adjust the
.guix-authorizations file with its new keygrip.

Your new key will become mandated after your .guix-authorizations change
is pushed.

-- 
Thanks,
Maxim



Re: New signing key

2023-12-12 Thread Maxim Cournoyer
Hi,

Leo Famulari  writes:

> Hello,
>
> I'm changing my Guix signing key from
> B0515948F1E7D3C1B98038A02646FA30BACA7F08 to
> 68407224D3A64EE53EAC6AAC1963757F47FF.
>
> Patches to follow. Testing is appreciated!

Thanks for the heads-up!

-- 
Thanks,
Maxim



New signing key

2023-12-11 Thread Leo Famulari
Hello,

I'm changing my Guix signing key from
B0515948F1E7D3C1B98038A02646FA30BACA7F08 to
68407224D3A64EE53EAC6AAC1963757F47FF.

Patches to follow. Testing is appreciated!

Leo




Re: New signing key

2021-08-17 Thread zimoun
Hi Tobias,

On Tue, 29 Jun 2021 at 16:40, Tobias Geerinckx-Rice  wrote:
> Question: I think committers should be trusted with discretion in 
> how they prefer to manage their keys, but how about briefly 
> documenting a suggested sane key-management strategy to new 
> committers, like we already describe some rando's editor set-up? 
> :-)

Yes, it will be really helpful, I guess. :-)


Cheers,
simon



Re: New signing key

2021-08-11 Thread Ludovic Courtès
Hello,

Tobias Geerinckx-Rice  wrote:

> Question: I think committers should be trusted with discretion in how
> they prefer to manage their keys, but how about briefly documenting a
> suggested sane key-management strategy to new committers, like we
> already describe some rando's editor set-up? :-)

I had missed this message, but I think it’s a good idea!  Your message
is already a good start at that.

Thanks,
Ludo’.



Re: New signing key

2021-06-29 Thread Eric Bavier
Hi Tobias,

On Tue, 2021-06-29 at 16:40 +0200, Tobias Geerinckx-Rice wrote:
> Question: I think committers should be trusted with discretion in 
> how they prefer to manage their keys, but how about briefly 
> documenting a suggested sane key-management strategy to new 
> committers, like we already describe some rando's editor set-up? 
> :-)

I think this would be very nice. Especially if it laid out some of the
trade-offs as you did here.

> 
> I don't think most people *insist* on their current one, it's just 
> what they know; and GPG is complex and gnarly.
> 
...
> 
> I'm not aware of any authority on best practices that would claim 
> the opposite, but if you are, I'd be grateful to hear about it!
> 

No, I definitely fall into the group who don't insist on a strategy and
are just doing what they know :).  I appreciate your feedback!  And
I'll probably be making some adjustments to my workflow.

Thanks,

`~Eric




Re: New signing key

2021-06-29 Thread Tobias Geerinckx-Rice
Question: I think committers should be trusted with discretion in 
how they prefer to manage their keys, but how about briefly 
documenting a suggested sane key-management strategy to new 
committers, like we already describe some rando's editor set-up? 
:-)


I don't think most people *insist* on their current one, it's just 
what they know; and GPG is complex and gnarly.


Eric Bavier  wrote:
> In this case, the old key had already expired.  I think others here
> have reset the expiry date on their keys before?


Limiting validity to 1…2y is considered good hygiene, as is simply 
extending the date whenever it's about to expire.  It proves you 
still control the private key.  It doesn't matter if you miss the 
deadline.


It's what I'd suggest for Guix because it gives committers full 
control over renewal without the inherent risk of updating the 
keyring & .guix-authorizations each time.  It also makes such 
commits less routine, which I think is good…



> I like the idea of honoring the expiration dates I set


Excellent, but ^ this…


> and creating a new key.


…doesn't imply ^ this.

Signing your existing key with a new expiry date is just as 
honourable^Wsecure, and much less hassle.  You would have avoided 
the delay you encountered here.  Others would get a better error 
message (‘expired’ vs. now ‘unknown’).  Etc.


I'm not aware of any authority on best practices that would claim 
the opposite, but if you are, I'd be grateful to hear about it!


Kind regards,

T G-R
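The renewal hygiene described in this message (short validity, extend before expiry, and know when a key is about to lapse so you are not caught out as Eric was) comes down to one check: when does each signing key expire? The script below is an added example, not code from this thread or from Guix. It parses the machine-readable listing that `gpg --with-colons --list-keys` prints and reports which signing-capable keys are expired, expiring within a warning window, or fine. The listing embedded in it is constructed (placeholder key IDs and all-`A`/all-`B` fingerprints), and the parser is a minimal one written here for the example.

```python
"""Report the expiry state of OpenPGP keys from gpg's colon-format listing.

Added example: SAMPLE_LISTING is constructed (placeholder key IDs and
fingerprints); the parser is written for this example and is not part of
gpg or Guix.
"""
from datetime import datetime, timedelta, timezone

# Constructed listing in the format of `gpg --with-colons --list-keys`:
# a certify-only primary key with a signing subkey, both created
# 2021-06-15 and expiring 2023-06-15 (two-year validity).
SAMPLE_LISTING = """\
tru::1:1700000000:0:3:1:5
pub:u:4096:1:0000000000000001:1623715200:1686787200::u:::cESC::::::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
uid:u::::1623715200::0123456789ABCDEF0123456789ABCDEF01234567::Example Committer <committer@example.org>::::::::::0:
sub:u:4096:1:0000000000000002:1623715200:1686787200:::::s::::::23:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
"""


def utc(iso_date: str) -> datetime:
    """Turn 'YYYY-MM-DD' into an aware UTC datetime (used as 'now')."""
    return datetime.fromisoformat(iso_date).replace(tzinfo=timezone.utc)


def parse_listing(text: str) -> list:
    """Return one dict per pub/sub record, with the fingerprint taken from
    the fpr record that follows it.  Field positions are gpg's: 4 = key ID,
    5 = creation, 6 = expiry (epoch seconds, empty when the key never
    expires), 11 = capability letters (lower case = this key itself,
    upper case = available through some subkey); fpr records carry the
    fingerprint in field 9."""
    keys = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub"):
            keys.append({
                "type": f[0],
                "keyid": f[4],
                "created": int(f[5]) if f[5] else None,
                "expires": int(f[6]) if f[6] else None,
                "capabilities": f[11] if len(f) > 11 else "",
                "fingerprint": None,
            })
        elif f[0] == "fpr" and keys and keys[-1]["fingerprint"] is None:
            keys[-1]["fingerprint"] = f[9]
    return keys


def expiry_status(key: dict, now: datetime, warn_days: int = 30) -> str:
    """'no-expiry', 'expired', 'expiring-soon' (within warn_days) or 'ok'."""
    if key["expires"] is None:
        return "no-expiry"
    remaining = datetime.fromtimestamp(key["expires"], tz=timezone.utc) - now
    if remaining <= timedelta(0):
        return "expired"
    if remaining <= timedelta(days=warn_days):
        return "expiring-soon"
    return "ok"


def signing_keys_report(text: str, now: datetime, warn_days: int = 30) -> list:
    """(fingerprint, status) for every key that can itself sign ('s' flag)."""
    return [(k["fingerprint"], expiry_status(k, now, warn_days))
            for k in parse_listing(text) if "s" in k["capabilities"]]


if __name__ == "__main__":
    for fpr, status in signing_keys_report(SAMPLE_LISTING, datetime.now(timezone.utc)):
        print(fpr, status)
```

To run it against real keys, replace `SAMPLE_LISTING` with the output of `gpg --with-colons --list-keys` (or pipe it in); a key reported as `expiring-soon` is the cue to extend its expiry date while you still control it, which is exactly the routine the message recommends over minting a new key.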




Re: New signing key

2021-06-29 Thread Ludovic Courtès
Hi,

Eric Bavier  wrote:

> On Wed, 2021-06-23 at 15:48 +0200, Ludovic Courtès wrote:

[...]

>>   In
>> d1d2bf3eb6ba74b058969756a97a30aec7e0c4d1 I added your new key and
>> renamed the old one, but perhaps we can just remove the old one, if the
>> old sub-key is still in the new one?
>
> I think the old key is still there, yes.  I didn't remove it, just
> added the new key.

OK.  I removed the former key file from the ‘keyring’ branch in commit
359ca340273213f7bafda455c9f89db55d69849c; I checked with ‘guix git
authenticate’ that we can still authenticate former commits.

>> In the future, unless you lose control of the key, it’s even better if
>> you do it yourself: push a commit signed with the old key that
>> introduces the new key.  Otherwise we have to trust that you really are
>> the one who uploaded the new key on Savannah.
>
> In this case, the old key had already expired.  I think others here
> have reset the expiry date on their keys before?  I like the idea of
> honoring the expiration dates I set, and creating a new key.  But I'm
> also willing to adopt whatever we decide is a best practice.

I think either way is fine.  I set an expiry date a few months in the
future, and I change it a few weeks before it expires, the idea being
that if I lose control of the key (e.g., laptop stolen) it’ll expire not
too longer after that.

Thanks,
Ludo’.



Re: New signing key

2021-06-23 Thread Eric Bavier
On Wed, 2021-06-23 at 15:48 +0200, Ludovic Courtès wrote:
> Hi,
> 
> Apologies for the delay!
> 
> Eric Bavier  wrote:
> 
> > I've updated my GPG key on Savannah with a new signing subkey and uid.
> 
> Done in 3694c0d4fee0f7faf130ecd9386ea45932a19543.

Thank you Thank you!

>   In
> d1d2bf3eb6ba74b058969756a97a30aec7e0c4d1 I added your new key and
> renamed the old one, but perhaps we can just remove the old one, if the
> old sub-key is still in the new one?

I think the old key is still there, yes.  I didn't remove it, just
added the new key.

> 
> Anyway, you should be able to push to ‘master’ now.  Please double-check
> with ‘guix git authenticate’ (and the pre-push hook) that everything’s
> fine.

Will do.

> 
> > Could a maintainer do the necessary repo updates?
> 
> Note that any committer who’s checked that all is fine can do this, but
> I guess everyone was busy hacking (or reviewing!).  ;-)

I completely understand.  I didn't trust myself to know how to check
that all is fine. :)

> 
> In the future, unless you lose control of the key, it’s even better if
> you do it yourself: push a commit signed with the old key that
> introduces the new key.  Otherwise we have to trust that you really are
> the one who uploaded the new key on Savannah.

In this case, the old key had already expired.  I think others here
have reset the expiry date on their keys before?  I like the idea of
honoring the expiration dates I set, and creating a new key.  But I'm
also willing to adopt whatever we decide is a best practice.

Thanks again,

`~Eric




Re: New signing key

2021-06-23 Thread Ludovic Courtès
Hi,

Apologies for the delay!

Eric Bavier  wrote:

> I've updated my GPG key on Savannah with a new signing subkey and uid.

Done in 3694c0d4fee0f7faf130ecd9386ea45932a19543.  In
d1d2bf3eb6ba74b058969756a97a30aec7e0c4d1 I added your new key and
renamed the old one, but perhaps we can just remove the old one, if the
old sub-key is still in the new one?

Anyway, you should be able to push to ‘master’ now.  Please double-check
with ‘guix git authenticate’ (and the pre-push hook) that everything’s
fine.

> Could a maintainer do the necessary repo updates?

Note that any committer who’s checked that all is fine can do this, but
I guess everyone was busy hacking (or reviewing!).  ;-)

In the future, unless you lose control of the key, it’s even better if
you do it yourself: push a commit signed with the old key that
introduces the new key.  Otherwise we have to trust that you really are
the one who uploaded the new key on Savannah.

Thanks,
Ludo’.
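Ludo's advice here ("push a commit signed with the old key that introduces the new key"), and Maxim's later description of the same procedure (add the key to the keyring branch, then adjust `.guix-authorizations`), both rest on one rule: `guix git authenticate` accepts a commit only if it is signed by a key listed in the `.guix-authorizations` of its parent. The script below is an added example, not Guix's own code: it parses a minimal `.guix-authorizations` file with a small s-expression reader written for this example, then walks a constructed linear commit chain to show why the key-introducing commit must carry the old signature. The fingerprints, commit ids and the name "alice" are constructed placeholders; real Guix also handles merge commits (intersecting the parents' authorizations) and the channel introduction, which this toy model reduces to a single introductory signer.

```python
"""Toy model of the commit-authorization rule enforced by `guix git
authenticate`: each commit must be signed by a key listed in its parent's
.guix-authorizations.  Added example: the s-expression reader, the Commit
record and all fingerprints below are constructed and are not Guix code.
"""
import re
from dataclasses import dataclass


class Atom(str):
    """An unquoted s-expression symbol, as opposed to a "string"."""


def tokenize(text: str) -> list:
    text = re.sub(r";[^\n]*", "", text)  # drop ';' comments
    return re.findall(r'\(|\)|"(?:[^"\\]|\\.)*"|[^\s()"]+', text)


def parse_sexp(tokens: list):
    """Recursive-descent reader: lists become Python lists, "..." become str,
    bare symbols become Atom."""
    tok = tokens.pop(0)
    if tok == "(":
        items = []
        while tokens[0] != ")":
            items.append(parse_sexp(tokens))
        tokens.pop(0)
        return items
    if tok.startswith('"'):
        return tok[1:-1]
    return Atom(tok)


def normalize(fingerprint: str) -> str:
    return fingerprint.replace(" ", "").upper()


def authorized_fingerprints(authorizations_text: str) -> set:
    """Fingerprints allowed to sign the *children* of a commit carrying
    this file: (authorizations (version 0) (("FPR" (name "x")) ...))."""
    tree = parse_sexp(tokenize(authorizations_text))
    if tree[0] != "authorizations" or tree[1] != ["version", "0"]:
        raise ValueError("unsupported .guix-authorizations layout")
    return {normalize(entry[0]) for entry in tree[2]}


# Constructed placeholder fingerprints, not real keys.
OLD_KEY = "AAAA AAAA AAAA AAAA AAAA  AAAA AAAA AAAA AAAA AAAA"
NEW_KEY = "BBBB BBBB BBBB BBBB BBBB  BBBB BBBB BBBB BBBB BBBB"


def authorizations_file(*entries) -> str:
    """Render a minimal .guix-authorizations listing (fingerprint, name) pairs."""
    body = "\n  ".join(f'("{fpr}" (name "{name}"))' for fpr, name in entries)
    return f"(authorizations\n (version 0)\n ({body}))\n"


@dataclass
class Commit:
    id: str
    signer: str          # fingerprint of the key that signed this commit
    authorizations: str  # contents of .guix-authorizations at this commit


def authenticate(chain: list, introduction_signer: str) -> tuple:
    """chain[0] is the introductory commit and must be signed by
    introduction_signer; each later commit must be signed by a key in its
    parent's .guix-authorizations.  Returns (ok, explanation)."""
    allowed = {normalize(introduction_signer)}
    for commit in chain:
        if normalize(commit.signer) not in allowed:
            return False, f"commit {commit.id}: signed by a key its parent does not authorize"
        allowed = authorized_fingerprints(commit.authorizations)
    return True, "all commits signed by authorized keys"


def key_rotation_scenarios() -> tuple:
    """Correct rotation (the commit adding NEW is signed with OLD) versus
    signing the key-introducing commit with NEW before it is authorized."""
    only_old = authorizations_file((OLD_KEY, "alice"))
    both = authorizations_file((OLD_KEY, "alice"), (NEW_KEY, "alice"))
    good = [Commit("c1", OLD_KEY, only_old),
            Commit("c2-add-new-key", OLD_KEY, both),  # signed with the old key
            Commit("c3", NEW_KEY, both)]
    bad = [Commit("c1", OLD_KEY, only_old),
           Commit("c2-add-new-key", NEW_KEY, both),  # new key used too early
           Commit("c3", NEW_KEY, both)]
    return authenticate(good, OLD_KEY), authenticate(bad, OLD_KEY)


if __name__ == "__main__":
    for ok, why in key_rotation_scenarios():
        print("OK " if ok else "FAIL", why)
```

The two scenarios differ only in which key signs the commit that adds the new fingerprint: the parent of that commit still lists only the old key, so a signature from the new key cannot be checked against anything the repository already trusts, which is Ludo's point about otherwise having to trust the Savannah upload.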




Re: New signing key

2021-06-22 Thread Eric Bavier
On Tue, 2021-06-15 at 03:05 +, Eric Bavier wrote:
> Hello Guix,
> 
> I've updated my GPG key on Savannah with a new signing subkey and uid.
> Could a maintainer do the necessary repo updates?

Ping?

> 
> Thanks,
> `~Eric





New signing key

2021-06-15 Thread Eric Bavier
Hello Guix,

I've updated my GPG key on Savannah with a new signing subkey and uid.
Could a maintainer do the necessary repo updates?

Thanks,
`~Eric




Re: New Signing Key

2020-07-18 Thread Tobias Geerinckx-Rice

Guix,

Brett Gilio wrote:
> As per my email a few days ago, I have lost control of my signing key. I
> have, as per instructions, refreshed the key on Savannah and am signing
> this email.


I've authorised Brett in commit 
ba1d9680d61d3b06d9b81a81863448f494d654a7.


Kind regards,

T G-R




New Signing Key

2020-07-16 Thread Brett Gilio
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hey all,

As per my email a few days ago, I have lost control of my signing key. I
have, as per instructions, refreshed the key on Savannah and am signing
this email.

I have familiarized myself with the changes to the contribution process,
and am looking forward to getting back into the groove! Thanks a bunch
for those who reached out, and those who kept in touch with me during my
hiatus.

Brett Gilio
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE6CrAJpXW/wJDyh5c9sUt0bony4cFAl8Q5rIACgkQ9sUt0bon
y4c4aggAr0/x2mhwJRRljrDmO0UC/jEV0VwH8TKBMZz60w8MLiJJYwiFyTSL4cJx
sE/Eo/b5B7kEw+nyPNvuw7qXAy8ie80S6frZ9/QrI3Q6ViEV274qex5YeCQfdnbf
oM+1ALAQsbG2wGh6TutdKFEx7vtbCefx/0QxHfj2dYD8nZ+SwoBma8jvogDcubxy
4mGhTqjEuoucJgGN5FwUFf2IimwgSN7O708rIPpcf3QTV0QM3t3bxIGQDnHJr8pb
xQTDsFySBzmZnGyHJVtDSUr+3TE1w11ZMVHd0dcX78STjJkEV3BcGcICOLVszJ2m
bBrUt82L6JU/Dgwjl6KYr3ZezRrHCQ==
=CU3q
-END PGP SIGNATURE-



Re: New signing key

2020-03-05 Thread Tobias Geerinckx-Rice

Roel,

Roel Janssen wrote:
> I am trying to find the revocation key (printed) to revoke the old key
> as reassurance that I am still me, and no malice is going on.  As I
> moved twice since printing and securely storing the revocation key,
> this will take some time.


Thanks for taking the time to do that!  It is appreciated.

> Is there perhaps a key-signing party for GNU Guix maintainers to build
> a better trust in the future?


We should do something like that at FOSDEM next year.  I hope 
you'll be able to attend.


Kind regards,

T G-R




Re: New signing key

2020-03-05 Thread Roel Janssen
Hello Ludo’ and Guix,

I lost the password of the old key.  I updated my OpenPGP key on
Savannah to the new one (F556FD94FB8F8B8779E36832CBD0CD5138C19AFC).

I am trying to find the revocation key (printed) to revoke the old key
as reassurance that I am still me, and no malice is going on.  As I
moved twice since printing and securely storing the revocation key,
this will take some time.

Is there perhaps a key-signing party for GNU Guix maintainers to build
a better trust in the future?

Kind regards,
Roel Janssen


On Thu, 2020-03-05 at 18:13 +0100, Ludovic Courtès wrote:
> Hello Roel,
> 
> You signed commit cc51c03ff867d4633505354819c6d88af88bf919 and its
> parent with OpenPGP key F556FD94FB8F8B8779E36832CBD0CD5138C19AFC,
> which
> differs from the one registered in ‘build-aux/git-authenticate.scm’
> (17CB 2812 EB63 3DFF 2C7F 0452 C3EC 1DCA 8430 72E1) that you used
> previously.
> 
> Could you please reply to this message signed with the old key,
> stating
> that the new key is the right one?
> 
> As a last resort, if you lost control of the old key, could you
> ensure
> your Savannah account contains the new key and send a reply signed
> with
> the new key?
> 
> Thanks in advance,
> Ludo’.




New signing key

2020-03-05 Thread Ludovic Courtès
Hello Roel,

You signed commit cc51c03ff867d4633505354819c6d88af88bf919 and its
parent with OpenPGP key F556FD94FB8F8B8779E36832CBD0CD5138C19AFC, which
differs from the one registered in ‘build-aux/git-authenticate.scm’
(17CB 2812 EB63 3DFF 2C7F 0452 C3EC 1DCA 8430 72E1) that you used
previously.

Could you please reply to this message signed with the old key, stating
that the new key is the right one?

As a last resort, if you lost control of the old key, could you ensure
your Savannah account contains the new key and send a reply signed with
the new key?

Thanks in advance,
Ludo’.




Re: My new signing key

2018-12-04 Thread Leo Famulari
On Wed, Dec 05, 2018 at 03:49:42AM +0300, Oleg Pykhalov wrote:
> Hello Guix,
> 
> Recently I've changed my signing subkey, here is it:
> 
> 7238 7123 8EAC EB63 4548  5857 167F 8EA5 001A FA9C

Thanks for letting us know. Please remember to update the key on your
Savannah user page:

https://savannah.gnu.org/users/wigust




My new signing key

2018-12-04 Thread Oleg Pykhalov
Hello Guix,

Recently I've changed my signing subkey, here is it:

7238 7123 8EAC EB63 4548  5857 167F 8EA5 001A FA9C

Oleg.




New signing key

2018-04-23 Thread Jan Nieuwenhuizen
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi!

Just to clarify that I lost the key I've been using to sign commits the
past year and didn't have a backup:

pub   rsa4096 2017-06-09 [SC]
  DB34 CB51 D25C 9408 156F  CDD6 A12F 8797 8D70 1B99
uid   [  full  ] Jan Nieuwenhuizen (janneke) 
sub   rsa4096 2017-06-09 [E]

So I created a new key

pub   rsa4096 2018-04-08 [SC]
  1A85 8392 E331 EAFD B8C2  7FFB F3C1 A0D9 C1D6 5273
uid   [ultimate] Jan (janneke) Nieuwenhuizen 
sub   rsa4096 2018-04-08 [E]

and uploaded its armour to savannah.

Greetings,
janneke

- -- 
Jan Nieuwenhuizen  | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEGoWDkuMx6v24wn/788Gg2cHWUnMFAlreI/MACgkQ88Gg2cHW
UnNW0w//f63ct1LigPfphei7JyT1I7aa513K0Xb4Wp+T8D6FCpvGg/jjcTR4jpFc
l/fv72ExDtqmamE9jDGFiwWbL2a5m99hIRhEuTV6VtonTD1CJUZOfV1ReCyH32rh
NOUPIzZ4L57DL5OVNrKTbrMI3z9TzLmuwzLw5z13SaabSTW/ZO4yEv+9RauOB1GJ
cV8ic1qiRpNqiG6xu0BGZp16D0teaqUDko1MLd/mxxJXp3PvKrIIDa4fu0YNuoSj
rLXy2aoXwfjttt8cLS303Co0YM0Si6FcVlumqdAROBnJue2QpwQvSAv8RHKgpqPP
8h0sZeibdmIpKolnmFR9iq84TwDrj8Bx6fDHPlMRmGZdSZgZO9AhfKwPef83ThZw
cs4gvcldy0fEnT0JwQmEmde5gHUFr2rKEjA2NxbQO8NcpEFQAvsiGPSZiLnJZ5lU
2WNVy6kNLhkDEQZeDMfNBI4XpGg3LzjtEZIB7TAjNODPVT9GXEzCAUDvMc4Dn4Bu
zQQxaZVgPGodIx+r49ZtKObzxX2/MQWI1bLxKpiuxTQebfgTq0PVm+4IfsXd4lrt
ZXqt15VHT5wBSVUdvhp0+Xs1RaSMmCNWVu9Div6Rs8G+LODTx4svLA6gd1ohye7e
G1paCcDQil5PKXmizX3nmUbPzdHkrq2PZ5zqk1BF4jEcGj0Ovrk=
=TgAQ
-END PGP SIGNATURE-