Tails

#1 Updated by sajolida 2019-01-08 16:12:11

• related to Bug #15710: The Tails signing key is not trusted from within Tails added

#2 Updated by intrigeri 2019-01-10 07:41:50

• Subject changed from Sign the key of tails-mirrors@boum.org and tails-sysadmins@boum.org by the signing key to Sign the key of tails-mirrors@boum.org and tails-sysadmins@boum.org with the signing key
• Status changed from New to Confirmed

Would be nice, indeed :)

Regarding implementation: any set of people who can reconstruct our signing key can do that.

#3 Updated by sajolida 2019-01-10 09:46:35

• related to Feature #15890: Update our OpenPGP keys in 2019 added

#4 Updated by intrigeri 2019-04-25 13:38:52

• Subject changed from Sign the key of tails-mirrors@boum.org and tails-sysadmins@boum.org with the signing key to Sign the key of tails-{fundraising,mirrors,sysadmins}@boum.org with the signing key

#5 Updated by intrigeri 2019-10-08 13:13:55

• Status changed from Confirmed to In Progress

Applied in changeset commit:tails|8c8db842b316c7f158d382ed5d4a4ce57f12db1f.

#6 Updated by intrigeri 2019-10-08 13:16:51

• Subject changed from Sign the key of tails-{fundraising,mirrors,sysadmins}@boum.org with the signing key to Certify the key of tails-{fundraising,mirrors,sysadmins}@boum.org with the signing key
• Status changed from In Progress to Needs Validation
• Assignee set to sajolida
• Target version set to Tails_4.0

Done while I was on Feature #15890 and it was therefore cheaper:

• sent the 3 pubkeys to hkps://keys.openpgp.org and hkps://hkps.pool.sks-keyservers.net
• updated the 2 of these pubkeys that were in tails.git with commit:8c8db842b316c7f158d382ed5d4a4ce57f12db1f

#9 Updated by intrigeri 2019-10-21 11:46:15

• Target version changed from Tails_4.0 to Tails_4.1

#10 Updated by sajolida 2019-10-22 16:17:52

• Status changed from Needs Validation to In Progress
• Assignee changed from sajolida to intrigeri

The signatures on tails-mirrors and tails-sysadmins are now on zimmerman.mayfirst.org, but not the signature on tails-fundraising. I can only see a signature by our old signing key, which expired in 2015 (0xBE2CD9C1):

http://zimmerman.mayfirst.org/pks/lookup?search=tails-fundraising%40boum.org&op=vindex

#11 Updated by intrigeri 2019-10-22 16:30:12

• Status changed from In Progress to Needs Validation
• Assignee changed from intrigeri to sajolida

> The signatures on tails-mirrors and tails-sysadmins are now on
> zimmerman.mayfirst.org, but not the signature on tails-fundraising.

That keyserver is lagging behind the pool. https://sks-keyservers.net/status/ confirms that it currently does not qualify to be in the pool, for some reason (I suspect a negative “ΔKeys” means “out of sync”). I know you have bad experiences with the pool reachability (me too), but at least it includes only keyservers that are up-to-date.

Here’s one keyserver that’s up-to-date (and in the pool), that has the signature: https://pgp.ocf.berkeley.edu/pks/lookup?op=vindex&fingerprint=on&search=0xFEB0D5A18EACAF99

#12 Updated by sajolida 2019-10-22 17:51:08

• Status changed from Needs Validation to Resolved
• Assignee deleted (sajolida)

I didn’t think that the same keyserver could be up-to-date on some of these keys only, after 2 weeks already. Strange. But problem solved!