Bug #9112

Complete our page listing OpenPGP keys

Added by BitingBird 2015-03-26 03:47:40 . Updated 2015-05-08 23:27:53 .

Status:
Resolved
Priority:
Normal
Assignee:
intrigeri
Category:
Target version:
Start date:
2015-03-26
Due date:
% Done:

100%

Feature Branch:
bitingbird:doc/9112-keys
Type of work:
End-user documentation
Blueprint:

Starter:
Affected tool:
Deliverable for:

Description

https://tails.boum.org/doc/about/openpgp_keys only lists tails, the signing key and tails-supporte-private

Other encrypted mailing-lists should have their keys added there.


Subtasks


Related issues

Related to Tails - Feature #7225: Mention that there are known fake Tails OpenPGP keys Resolved 2014-05-12
Blocks Tails - Feature #7698: Create a place to gather information about the different mailing lists, and their scope and policy Resolved 2014-07-31

History

#1 Updated by intrigeri 2015-03-26 06:54:47

  • Status changed from New to Confirmed

#2 Updated by BitingBird 2015-04-10 16:10:49

  • Assignee set to BitingBird
  • Target version set to Tails_1.4

#3 Updated by BitingBird 2015-04-11 14:38:22

  • related to Feature #7225: Mention that there are known fake Tails OpenPGP keys added

#4 Updated by BitingBird 2015-04-11 14:40:57

  • related to Feature #7698: Create a place to gather information about the different mailing lists, and their scope and policy added

#5 Updated by BitingBird 2015-04-11 14:49:33

I guess the missing keys are tails-press@boum.org tails-fundraising@boum.org and tails-sysadmins@boum.org

#6 Updated by BitingBird 2015-04-11 14:53:50

  • Assignee changed from BitingBird to intrigeri
  • QA Check set to Info Needed

Do you see any other key that should be listed?

#7 Updated by BitingBird 2015-04-11 14:54:38

  • Status changed from Confirmed to In Progress
  • Feature Branch set to bitingbird:doc/9112-keys

#8 Updated by BitingBird 2015-04-11 15:50:57

  • % Done changed from 0 to 50

Pushed a first version including the 3 keys. If someone can add the keys so that they can be downloaded from the website, I’ll update the “how to get it” sections.

#9 Updated by BitingBird 2015-04-11 15:55:34

  • related to deleted (Feature #7698: Create a place to gather information about the different mailing lists, and their scope and policy)

#10 Updated by BitingBird 2015-04-11 15:55:45

  • blocks Feature #7698: Create a place to gather information about the different mailing lists, and their scope and policy added

#11 Updated by BitingBird 2015-04-13 17:20:06

We should also add the short ID of the signing key, as kleopatra only shows that, and most users don’t know that short ID = the end of long ID.

https://tails.boum.org/doc/about/openpgp_keys/#index7h2 should have DBB802B258ACD84F

#12 Updated by intrigeri 2015-04-14 15:47:26

  • Assignee changed from intrigeri to BitingBird
  • QA Check deleted (Info Needed)

BitingBird wrote:
> Do you see any other key that should be listed?

I don’t think that -fundraising@ should be added. But -accounting@ should be.

#13 Updated by intrigeri 2015-04-14 15:49:08

BitingBird wrote:
> If someone can add the keys so that they can be downloaded from the website, I’ll update the “how to get it” sections.

You can add the missing key(s) yourself: ls wiki/src/*.key

#14 Updated by intrigeri 2015-04-14 15:53:17

BitingBird wrote:
> We should also add the short ID of the signing key, as kleopatra only shows that, and most users don’t know that short ID = the end of long ID.
>
> https://tails.boum.org/doc/about/openpgp_keys/#index7h2 should have DBB802B258ACD84F

What would be the purpose of providing that ID (which is actually the long ID; the short one is only 8-chars long, and the very-long-version is called the fingerprint)? Note that it cannot be used to verify the key.

#15 Updated by BitingBird 2015-04-14 16:05:50

As explained, we had some Windows users lost because kleopatra showed that version and it’s not on the website.

#16 Updated by intrigeri 2015-04-14 16:13:58

> As explained, we had some Windows users lost because kleopatra showed that version and it’s not on the website.

I got this part, but it doesn’t really answer my question. What actual problem would be solved this way? In other words: what’s the path users are following when they’re getting lost due to Kleopatra, and then in turn: why does that path require any ID at all (be it short, long, or the actual fingerprint)?

Rationale: I just want to ensure that we don’t let users believe that comparing short or long IDs guarantees anything wrt. the integrity and authenticity of the key they got. I’m not saying there’s no problem to solve (users getting lost is of course a real problem), but I still lack information to judge whether the proposed solution is the best way to address it.

#17 Updated by BitingBird 2015-04-14 16:45:49

Well, seems like kleopatra doesn’t like subkeys. I don’t really know more, haven’t tried it myself, but someone had to guide the users through Windows command-line gpg for them to be able to verify.

#18 Updated by BitingBird 2015-04-17 20:56:38

https://tails.boum.org/contribute/how/sysadmin/ could have a link to the gpg key

#19 Updated by BitingBird 2015-04-17 21:39:53

Added the link, also a link to download tails-press key.

#20 Updated by BitingBird 2015-04-25 08:39:02

  • % Done changed from 50 to 60

Corrected fundraising -> accounting. Left to do: put sysadmin and accounting keys on the website, so that they can be downloaded from the browser.

#21 Updated by intrigeri 2015-04-26 01:10:48

> Corrected fundraising -> accounting. Left to do: put sysadmin and accounting keys on the website,

FYI the key for -accounting is on the website already.

#22 Updated by BitingBird 2015-05-04 09:41:09

  • Assignee changed from BitingBird to intrigeri
  • QA Check set to Ready for QA

Added accounting and sysadmins keys to the page, and sysadmins key to the website.

Ready to review (finally :))

#23 Updated by BitingBird 2015-05-07 15:29:50

  • Assignee changed from intrigeri to BitingBird
  • QA Check changed from Ready for QA to Dev Needed

intri’s review: wiki/src/press.mdwn should probably link to doc/about/doc/about/openpgp_keys#press, just like it was done in contribute/how/sysadmin. and while you’re at it, you can adjust the link to tails-signing.key on contribute/build the same way.

#24 Updated by BitingBird 2015-05-08 21:02:50

  • Assignee changed from BitingBird to intrigeri
  • QA Check changed from Dev Needed to Ready for QA

Did as asked, but should the APT repository’s signing key be added to the OpenPGP page instead?

#25 Updated by intrigeri 2015-05-08 23:00:49

> Did as asked

Cool, I’m going to have another look.

> but should the APT repository’s signing key be added to the OpenPGP page instead?

It’s automatically kept up-to-date in our Git tree and on http://deb.tails.boum.org/key.asc already, so I’d rather not have to maintain it in yet another place (guess what: we’ll forget). So I’ve added these two locations to the manual build documentation with commit:9336195. I expect people who intend to build Tails ISO images to be able to do something with these instructions, so we can avoid breaking the flow of that doc with one more redirect, and also to overload the OpenPGP keys page with information that’s of no use for 99.99% of its readers.

#26 Updated by intrigeri 2015-05-08 23:23:33

  • Status changed from In Progress to Resolved
  • % Done changed from 60 to 100

Applied in changeset commit:baae61ed04fb09dc9c81c5292a978f5a20cea97d.

#27 Updated by intrigeri 2015-05-08 23:24:50

  • QA Check changed from Ready for QA to Pass

#28 Updated by BitingBird 2015-05-08 23:27:53

Youhou !

jumps around