From: Phil Pennock <email@example.com>
To: firstname.lastname@example.org
Subject: Re: Posted zsh 5.9
Date: Mon, 16 May 2022 19:57:19 -0400
Message-ID: <YoLk30/vdg6yh4MP@fullerene.field.pennock-tech.net>
In-Reply-To: <20220514215010.GI13508@tarpaulin.shahaf.local2>

On 2022-05-14 at 21:50 +0000, Daniel Shahaf wrote:
> The intention is to have the public keys easily available to anyone who
> downloads the artifacts themselves, particularly as «gpg --keyserver foo
> --recv-key $fingerprint» isn't as reliable as it used to be.
>
> For zsh.org there's little question where to put the keyring file, as
> there's only one relevant directory. Any reason not to upload
> zsh-keyring.asc to zsh.org/pub?

None that I can see. Keys can be put into many places, as long as the
deployment workflow updates them all.

IMO the "correct" approach for the future is federated lookups, aka WKD
(in practice); this uses /.well-known/ to put keys into place in a
schema which gpg (and various email clients) can use to retrieve the
keys automatically with `--locate-keys`.

This can be done on https://zsh.org/ or on https://openpgpkey.zsh.org/

Only works for keys with a UID in zsh.org. But means that email clients
will automatically find the right keys without needing to go dig around
in various websites.

 * https://wiki.gnupg.org/WKD walks through it
 * https://wiki.gnupg.org/WKDHosting explains setup on the web-server

and of those, I'm obviously biased towards
<https://github.com/PennockTech/openpgpkey-control>; that layout is what
I use for some other domains, and `other/standalone-update-website`
within the repo has been successfully used by at least a few people in
updating contents as part of a general website build flow ... and is
probably the right path for zsh.org. Feed it the keyring for
`--keys-file` and a directory top for the serving root for
`--output-dir` and it will write things into the right places.

With that, `gpg --locate-keys email@example.com` would work, and similarly for any other key with a UID in zsh.org.