Bug #9112
Complete our page listing OpenPGP keys
100%
Description
https://tails.boum.org/doc/about/openpgp_keys only lists tails, the signing key and tails-supporte-private
Other encrypted mailing-lists should have their keys added there.
Subtasks
Related issues
Related to Tails - |
Resolved | 2014-05-12 | |
Blocks Tails - |
Resolved | 2014-07-31 |
History
#1 Updated by intrigeri 2015-03-26 06:54:47
- Status changed from New to Confirmed
#2 Updated by BitingBird 2015-04-10 16:10:49
- Assignee set to BitingBird
- Target version set to Tails_1.4
#3 Updated by BitingBird 2015-04-11 14:38:22
- related to
Feature #7225: Mention that there are known fake Tails OpenPGP keys added
#4 Updated by BitingBird 2015-04-11 14:40:57
- related to
Feature #7698: Create a place to gather information about the different mailing lists, and their scope and policy added
#5 Updated by BitingBird 2015-04-11 14:49:33
I guess the missing keys are tails-press@boum.org tails-fundraising@boum.org and tails-sysadmins@boum.org
#6 Updated by BitingBird 2015-04-11 14:53:50
- Assignee changed from BitingBird to intrigeri
- QA Check set to Info Needed
Do you see any other key that should be listed?
#7 Updated by BitingBird 2015-04-11 14:54:38
- Status changed from Confirmed to In Progress
- Feature Branch set to bitingbird:doc/9112-keys
#8 Updated by BitingBird 2015-04-11 15:50:57
- % Done changed from 0 to 50
Pushed a first version including the 3 keys. If someone can add the keys so that they can be downloaded from the website, I’ll update the “how to get it” sections.
#9 Updated by BitingBird 2015-04-11 15:55:34
- related to deleted (
)Feature #7698: Create a place to gather information about the different mailing lists, and their scope and policy
#10 Updated by BitingBird 2015-04-11 15:55:45
- blocks
Feature #7698: Create a place to gather information about the different mailing lists, and their scope and policy added
#11 Updated by BitingBird 2015-04-13 17:20:06
We should also add the short ID of the signing key, as kleopatra only shows that, and most users don’t know that short ID = the end of long ID.
https://tails.boum.org/doc/about/openpgp_keys/#index7h2 should have DBB802B258ACD84F
#12 Updated by intrigeri 2015-04-14 15:47:26
- Assignee changed from intrigeri to BitingBird
- QA Check deleted (
Info Needed)
BitingBird wrote:
> Do you see any other key that should be listed?
I don’t think that -fundraising@ should be added. But -accounting@ should be.
#13 Updated by intrigeri 2015-04-14 15:49:08
BitingBird wrote:
> If someone can add the keys so that they can be downloaded from the website, I’ll update the “how to get it” sections.
You can add the missing key(s) yourself: ls wiki/src/*.key
#14 Updated by intrigeri 2015-04-14 15:53:17
BitingBird wrote:
> We should also add the short ID of the signing key, as kleopatra only shows that, and most users don’t know that short ID = the end of long ID.
>
> https://tails.boum.org/doc/about/openpgp_keys/#index7h2 should have DBB802B258ACD84F
What would be the purpose of providing that ID (which is actually the long ID; the short one is only 8-chars long, and the very-long-version is called the fingerprint)? Note that it cannot be used to verify the key.
#15 Updated by BitingBird 2015-04-14 16:05:50
As explained, we had some Windows users lost because kleopatra showed that version and it’s not on the website.
#16 Updated by intrigeri 2015-04-14 16:13:58
> As explained, we had some Windows users lost because kleopatra showed that version and it’s not on the website.
I got this part, but it doesn’t really answer my question. What actual problem would be solved this way? In other words: what’s the path users are following when they’re getting lost due to Kleopatra, and then in turn: why does that path require any ID at all (be it short, long, or the actual fingerprint)?
Rationale: I just want to ensure that we don’t let users believe that comparing short or long IDs guarantees anything wrt. the integrity and authenticity of the key they got. I’m not saying there’s no problem to solve (users getting lost is of course a real problem), but I still lack information to judge whether the proposed solution is the best way to address it.
#17 Updated by BitingBird 2015-04-14 16:45:49
Well, seems like kleopatra doesn’t like subkeys. I don’t really know more, haven’t tried it myself, but someone had to guide the users through Windows command-line gpg for them to be able to verify.
#18 Updated by BitingBird 2015-04-17 20:56:38
https://tails.boum.org/contribute/how/sysadmin/ could have a link to the gpg key
#19 Updated by BitingBird 2015-04-17 21:39:53
Added the link, also a link to download tails-press key.
#20 Updated by BitingBird 2015-04-25 08:39:02
- % Done changed from 50 to 60
Corrected fundraising -> accounting. Left to do: put sysadmin and accounting keys on the website, so that they can be downloaded from the browser.
#21 Updated by intrigeri 2015-04-26 01:10:48
> Corrected fundraising -> accounting. Left to do: put sysadmin and accounting keys on the website,
FYI the key for -accounting is on the website already.
#22 Updated by BitingBird 2015-05-04 09:41:09
- Assignee changed from BitingBird to intrigeri
- QA Check set to Ready for QA
Added accounting and sysadmins keys to the page, and sysadmins key to the website.
Ready to review (finally :))
#23 Updated by BitingBird 2015-05-07 15:29:50
- Assignee changed from intrigeri to BitingBird
- QA Check changed from Ready for QA to Dev Needed
intri’s review: wiki/src/press.mdwn should probably link to doc/about/doc/about/openpgp_keys#press, just like it was done in contribute/how/sysadmin. and while you’re at it, you can adjust the link to tails-signing.key on contribute/build the same way.
#24 Updated by BitingBird 2015-05-08 21:02:50
- Assignee changed from BitingBird to intrigeri
- QA Check changed from Dev Needed to Ready for QA
Did as asked, but should the APT repository’s signing key be added to the OpenPGP page instead?
#25 Updated by intrigeri 2015-05-08 23:00:49
> Did as asked
Cool, I’m going to have another look.
> but should the APT repository’s signing key be added to the OpenPGP page instead?
It’s automatically kept up-to-date in our Git tree and on http://deb.tails.boum.org/key.asc already, so I’d rather not have to maintain it in yet another place (guess what: we’ll forget). So I’ve added these two locations to the manual build documentation with commit:9336195. I expect people who intend to build Tails ISO images to be able to do something with these instructions, so we can avoid breaking the flow of that doc with one more redirect, and also to overload the OpenPGP keys page with information that’s of no use for 99.99% of its readers.
#26 Updated by intrigeri 2015-05-08 23:23:33
- Status changed from In Progress to Resolved
- % Done changed from 60 to 100
Applied in changeset commit:baae61ed04fb09dc9c81c5292a978f5a20cea97d.
#27 Updated by intrigeri 2015-05-08 23:24:50
- QA Check changed from Ready for QA to Pass