Bug #17524: Expert verification instructions no longer work due to expiry of Stefano Zacchiroli's key

Bug #17524

Expert verification instructions no longer work due to expiry of Stefano Zacchiroli's key

Added by tailsverifier 2020-03-15 09:39:05 . Updated 2020-03-22 08:09:17 .

Status:

Resolved

Priority:

Elevated

Assignee:

intrigeri

Category:

Target version:

Tails_4.5

Start date:

Due date:

% Done:

100%

Feature Branch:

doc/17524-replace-zacc

Type of work:

End-user documentation

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

Stefano’s key 0x9C31503C6D866396 expired on 2020-02-07. Thus, when the instructions on https://tails.boum.org/install/expert/usb/index.en.html are followed, “gpg —keyid-format 0xlong —check-sigs A490D0F4D311A4153E2BB7CADBB802B258ACD84F” will not display the signature.

There are other Debian developers who have signed the key, so one of these could be used instead. Alternatively, Stefano could sign it with a new key. Whatever solution is chosen, the page will need to be updated.

Subtasks

Related issues

Is duplicate of Tails - ~~Bug #17475~~: Stefano Zacchiroli's public key is expired since 2020-02-07	Duplicate
Blocks Tails - Feature #17247: Core work 2020Q1 → 2020Q2: Technical writing	Confirmed

History

#1 Updated by intrigeri 2020-03-15 09:48:11

is duplicate of ~~Bug #17475~~: Stefano Zacchiroli's public key is expired since 2020-02-07 added

#2 Updated by intrigeri 2020-03-15 09:48:20

Status changed from New to Duplicate

#3 Updated by sajolida 2020-03-18 18:34:30

blocks Feature #17247: Core work 2020Q1 → 2020Q2: Technical writing added

#4 Updated by sajolida 2020-03-18 18:34:44

It’s an important bug on an installation path so I think it qualifies as core work.

#5 Updated by sajolida 2020-03-18 18:57:34

Status changed from Duplicate to In Progress
Assignee set to sajolida
Priority changed from High to Elevated
Target version set to Tails_4.5

I asked Chris Lamb who’s key seems to have no expiry date in the Debian keyring from stable:

root@amnesia:~# gpg --keyring=/usr/share/keyrings/debian-keyring.gpg --list-keys lamby
pub   rsa4096 2009-07-12 [SC]
      C2FE4BD271C139B86C533E461E953E27D4311E58
uid           [ unknown] Chris Lamb <chris@chris-lamb.co.uk>
uid           [ unknown] Chris Lamb <lamby@gnu.org>
uid           [ unknown] Chris Lamb <lamby@debian.org>
sub   rsa4096 2009-07-12 [E]

#6 Updated by sajolida 2020-03-21 21:12:44

Status changed from In Progress to Needs Validation
Assignee changed from sajolida to intrigeri

Here is a branch that replaces zack’s key with lamby’s key.

I’m sure @cbrownstein could review this but, since there’s no English involved and it’s more about trust and not fucking up voodoo GPG stuff, I thought that it might be better if a Release Manager or Foundations Team member did it.

#7 Updated by intrigeri 2020-03-22 07:46:29

Feature Branch set to doc/17524-replace-zacc

#8 Updated by intrigeri 2020-03-22 08:09:17

Status changed from Needs Validation to Resolved
% Done changed from 0 to 100

Applied in changeset commit:tails|46af91aceef60d97b822e4c253e441d3f3b016d3.