Pgp add key storage recommendations #182
Open
+200
−8
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
LGTM. Thanks! |
cpaelzer
force-pushed
the
pgp-add-key-storage-recommendations
branch
from
f9a0133 to
8d810f1
Compare
|
FYI about recent updates
Thank you all for your reviews! |
|
FYI I pinged the TB requesting what they think it and expect to hint at this PR on ubuntu-devel in a week or so. |
bdrung
reviewed
Sep 23, 2025
Currently the setup of GPG keys, the definition of a signature and a signing key as well as their usage for an upload is independent. This is due to coming from different sources, but consuming that as someone new to the project is quite hard. Allow readers to find one from the other by extending their description and linking between them.
For a long time everyone has done a lot on their own to keep PGP keys safe, and to be fair many already do what I now suggest to officially recommend. But to step up the integrity of the project we need to start somewhere and here that is by outlining clear recommendations that can become deeply tested, documented and eventually mandatory. Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Co-authored-by: JP Meijers <jp.meijers@canonical.com> Co-authored-by: Luci Stanescu <luci@cnix.ro>
It is a known defined term https://de.wikipedia.org/wiki/Diceware
Suggested-by: Edoardo Canepa <edoardo.canepa@canonical.com> Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Suggested-by: Luci Stanescu <luci.stanescu@canonical.com> Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Suggested-by: Luci Stanescu <luci.stanescu@canonical.com> Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Suggested-by: Luci Stanescu <luci.stanescu@canonical.com> Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Suggested-by: Luci Stanescu <luci.stanescu@canonical.com> Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Suggested-by: Luci Stanescu <luci.stanescu@canonical.com> Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Suggested-by: Luci Stanescu <luci.stanescu@canonical.com> Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
It is not entirely self-explanatory add a link to help Suggested-by: Benjamin Drung <bdrung@ubuntu.com> Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
The sentence was not really well readable before. Suggested-by: Benjamin Drung <bdrung@ubuntu.com> Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
cpaelzer
force-pushed
the
pgp-add-key-storage-recommendations
branch
from
8d810f1 to
2b4647d
Compare
|
Recent updates
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Related issue
Well the continuous uncertainty of how to set up keys right and what to do to keep them safe - not an issue tracked here but an issue for sure :-/
Checklist
Additional notes (optional)
I expect that there will be various personal preferences or "but hey you can't enforce" concerns, but you know what.
That is why this is a recommendation for now which still already gets us ahead of the bad former state and hence I'd ask to not drown in bikeshedding or what-if questions. Let us make this a guide that helps everyone to do better and define a suggested standard setup we know to work well.
@s-makin / @rkratky - I'm happy about your review, but please do not land this immediately. After a first round of feedback and polish by close peers I'd want to reach out further to get more feedback and acknowledgement before we land it. I'd let you know when I feel we are ready.