Archived
15
23
Fork
You've already forked meta
6

Set up Keyoxide identity proofs using the GPG keys #40

Closed
opened 2022年11月19日 10:46:29 +01:00 by caesar · 11 comments
Member
Copy link

As discussed in #37 and #39, we should add Keyoxide identity claims/proofs using our OpenPGP keys.

I propose the following:

As [discussed in #37](https://codeberg.org/forgejo/meta/issues/37#issuecomment-689891) and #39, we should add Keyoxide identity claims/proofs using our OpenPGP keys. I propose the following: - Key `c5923710` (the "generic" key, currently the "release" key" - `contact@forgejo.org` identity - [x] DNS claim: forgejo.org - [x] Gitea org claim: https://codeberg.org/forgejo - [x] Fediverse claim: https://floss.social/@forgejo - `release@forgejo.org` identity - (used for signing releases) - Key `9e1fb56f` (the "security" key) - `security@forgejo.org` identity - [x] DNS claim: forgejo.org - [x] Gitea org claim: https://codeberg.org/forgejo
Author
Member
Copy link

@dachary, I have implemented the DNS and Codeberg org proofs locally for the "generic"/"release" key (including adding the contact@forgejo.org identity).

Any objection to me pushing it to the keyservers?

@dachary, I have implemented the DNS and Codeberg org proofs locally for the "generic"/"release" key (including adding the `contact@forgejo.org` identity). Any objection to me pushing it to the keyservers?

No objection.

No objection.
Author
Member
Copy link

Keyoxide proofs are implemented as outlined above for the general key c5923710.

I do not have the private key for the security reports key 9e1fb56f so somebody in @forgejo/Security will have to add the claims to that. I can add the proofs to the DNS and the Codeberg org though.

[Keyoxide proofs are implemented](https://keyoxide.org/contact@forgejo.org) as outlined above for the general key `c5923710`. I do not have the private key for the security reports key `9e1fb56f` so somebody in @forgejo/Security will have to add the claims to that. I can add the proofs to the DNS and the Codeberg org though.

I'd be grateful if there was some kind of documentation somewhere about all this. I'll surely forget half of it by next week 😅

I'd be grateful if there was some kind of documentation somewhere about all this. I'll surely forget half of it by next week 😅
Author
Member
Copy link

Yes, an overview of what keys are to be used for what (and who has access to the corresponding private keys) would be good.
I'm going to bed now but I'll try to look at that tomorrow.

Yes, an overview of what keys are to be used for what (and who has access to the corresponding private keys) would be good. I'm going to bed now but I'll try to look at that tomorrow.
Author
Member
Copy link

@dachary I added some documentation regarding the GPG keys alongside the keys themselves in the secrets repo. Please let me know if it makes sense or if there's anything you think is unclear.

Most of the information there could be in a publicly-accessible place, but I'm not sure where is most appropriate... any suggestions?

@dachary I added some [documentation regarding the GPG keys](https://codeberg.org/forgejo/secrets/src/branch/master/openpgp) alongside the keys themselves in the `secrets` repo. Please let me know if it makes sense or if there's anything you think is unclear. Most of the information there could be in a publicly-accessible place, but I'm not sure where is most appropriate... any suggestions?

Most of the information there could be in a publicly-accessible place, but I'm not sure where is most appropriate... any suggestions?

I would add that to a new CONTRIBUTING.md where WORKFLOW.md and RELEASE.md can also be moved. It may not be the best way to structure a development documentation but it is how Gitea does it and I think there is value in keeping it in a file that is familiar to existing contributors.

> Most of the information there could be in a publicly-accessible place, but I'm not sure where is most appropriate... any suggestions? I would add that to a new `CONTRIBUTING.md` where `WORKFLOW.md` and `RELEASE.md` can also be moved. It may not be the best way to structure a development documentation but it is how Gitea does it and I think there is value in keeping it in a file that is familiar to existing contributors.

forgejo/forgejo#34 is the PR to merge WORKFLOW.md and RELEASE.md into CONTRIBUTING.md

https://codeberg.org/forgejo/forgejo/pulls/34 is the PR to merge `WORKFLOW.md` and `RELEASE.md` into `CONTRIBUTING.md`
Author
Member
Copy link

@Gusted, adding you as an assignee because I think you mentioned you would set up identity claims for the security key (which I don't have access to).

@Gusted, adding you as an assignee because I think you mentioned you would set up identity claims for the security key (which I don't have access to).

@caesar Quite a adventure to use the hidden bits of GPG to achieve this 😅, but it's done https://keyoxide.org/security@forgejo.org

@caesar Quite a adventure to use the hidden bits of GPG to achieve this :sweat_smile:, but it's done https://keyoxide.org/security@forgejo.org
Author
Member
Copy link

Great! Thanks @Gusted. Yes it does take some time to make sense of it all at first... a good CLI or GUI tool for adding claims is definitely something Keyoxide needs.

Great! Thanks @Gusted. Yes it does take some time to make sense of it all at first... a good CLI or GUI tool for adding claims is definitely something Keyoxide needs.
Commenting is not possible because the repository is archived.
No Branch/Tag specified
readme
No results found.
Labels
Clear labels
[Decision] Building proposal(s)
We're in a decision-making process, buiding one or more proposals to address the shared aim based on the criteria
[Decision] Gathering criteria
We're in a decision-making process, gathering criteria, considerations and needs
[Decision] Integrating concerns
We're in a decision-making process, working with a proposal, trying to integrate concerns and create modifications/support such that the proposal works for everyone
Accessibility
Relates to Accessibility (a11y) of product, project and process.
Agreement proposal
Forgejo agreement proposal, following a discussion
Communication
Relates to all channels, social media, website, blog posts.
Election
Process of appointing a person into a role or team (if choosing people just for a specific one-time task, use the Entrustment label)
Entrustment
Process of choosing/approving specific people to do a critical/high-impact one-time task (if choosing people for an ongoing role/team, use the Election label)
Governance
Relates to processes, procedures and decision-making.
Meeting
An upcoming team meeting
User research - Accessibility
Requires input about accessibility features, likely involves user testing.
User research - Blocked
Do not pick as-is! We are happy if you can help, but please coordinate with ongoing redesign in this area.
User research - Community
Community features, such as discovering other people's work or otherwise feeling welcome on a Forgejo instance.
User research - Config (instance)
Instance-wide configuration, authentication and other admin-only needs.
User research - Errors
How to deal with errors in the application and write helpful error messages.
User research - Filters
How filter and search is being worked with.
User research - Future backlog
The issue might be inspiring for future design work.
User research - Git workflow
AGit, fork-based and new Git workflow, PR creation etc
User research - Labels
Active research about Labels
User research - Moderation
Moderation Featuers for Admins are undergoing active User Research
User research - Needs input
Use this label to let the User Research team know their input is requested.
User research - Notifications/Dashboard
Research on how users should know what to do next.
User research - Rendering
Text rendering, markup languages etc
User research - Repo creation
Active research about the New Repo dialog.
User research - Repo units
The repo sections, disabling them and the "Add more" button.
User research - Security
User research - Settings (in-app)
How to structure in-app settings in the future?
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
3 participants Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
forgejo/meta#40
Reference in a new issue
forgejo/meta
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?