Improve process to add/update keys for pwstore repo
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	MoritzMuehlenhoff
	Sep 9 2020, 11:01 AM

Description

The SKS keyservers are getting increasingly unreliable and https://keys.openpgp.org/ doesn't track signatures to begin with, so we need a more well-formed mechanism to

add the keys of new SREs to pwstore
update keys for existing SREs (lost laptop, expired keys etc) for pwstore

One option would be to simply let people add the public PGP key to the pwstore repo itself, along with a small wrapper to import it. In addition pwstore would probably need to be patched to read from the local keyring when doing "pws update-keyring"

Then:

anyone who wants to be reachable via encrypted email, can upload their key to https://keys.openpgp.org/.
anyone with the need for access to pwstore adds their key to the repo

Event Timeline

MoritzMuehlenhoff created this task.Sep 9 2020, 11:01 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 9 2020, 11:01 AM

ArielGlenn subscribed.Sep 9 2020, 11:07 AM

jbond subscribed.Sep 9 2020, 11:52 AM

• crusnov awarded a token.Sep 9 2020, 4:10 PM

MoritzMuehlenhoff claimed this task.Sep 15 2020, 11:07 AM

MoritzMuehlenhoff triaged this task as Medium priority.

This has been resolved for quite a while: The PGP keys are now stored within the repo itself, current docs are at https://office.wikimedia.org/wiki/Pwstore

Improve process to add/update keys for pwstore repoClosed, ResolvedPublicActions

Description

Event Timeline

Improve process to add/update keys for pwstore repo
Closed, ResolvedPublic
Actions