These are chat archives for CZ-NIC/knot-resolver

27th
Jun 2018
Radek 'blufor' Slavicinsky
@blufor
Jun 27 2018 14:50
hi there, is there any reason why the GPG keys for official (Ubuntu) repos are missing from keyservers?
Vladimír Čunát
@vcunat
Jun 27 2018 14:52
@blufor: that's for the packages from software.opensuse.org?
Radek 'blufor' Slavicinsky
@blufor
Jun 27 2018 14:53
yes, they're referred as "official". the old one on Launchpad is marked as obsolete
Vladimír Čunát
@vcunat
Jun 27 2018 14:56
Right. I didn't think this in details, but I can't see what would be improved by uploading that key.
Radek 'blufor' Slavicinsky
@blufor
Jun 27 2018 14:59
well, the usual way for receiving keys for any repository is by using the gpg tool with --recv-key parameter. then, I can use only one method for receiving keys instead of non-standard URLs
Vladimír Čunát
@vcunat
Jun 27 2018 14:59
I'm not sure standard gpg policies would allow some of us signing that key, as the private part is in possession of some third-party service (even though we consider it relatively trustworthy).
Radek 'blufor' Slavicinsky
@blufor
Jun 27 2018 14:59
also apt-key also takes the key ID as a parameter.
Tomas Krizek
@tomaskrizek
Jun 27 2018 15:00
@blufor Feel free to upload them. You can find the key's fingerprint in https://build.opensuse.org/project/show/home:CZ-NIC:knot-resolver-latest
Radek 'blufor' Slavicinsky
@blufor
Jun 27 2018 15:00
private part? I don't need the private part, only the public and that's what I'm expecting to find on keyservers
@tomaskrizek I can surely do that, however it'd be much wiser to have this as a part of a CI/CD pipeline?
Tomas Krizek
@tomaskrizek
Jun 27 2018 15:01
However, please note that this private kye is not in our possession... The signing is automatically done by the build service. If we had our own build service instance, this would be solved, but I'm not sure whether that's going to change in the future or not.
Vladimír Čunát
@vcunat
Jun 27 2018 15:02
Key upload should be one-time thing.
Tomas Krizek
@tomaskrizek
Jun 27 2018 15:02
Yeah, I don't think the key changes (except when it's close to expiry)
Vladimír Čunát
@vcunat
Jun 27 2018 15:02
gpg: sending key 74062DB36A1F4009 to hkp://sks.labs.nic.cz
Radek 'blufor' Slavicinsky
@blufor
Jun 27 2018 15:02
@vcunat until a new key gets generated... I'm not familiar with your policies, so it's hard to predict when this happens
Vladimír Čunát
@vcunat
Jun 27 2018 15:02
(it should sync to other servers within hours)
@tomaskrizek: is it just a single key for all the repos on OBS?
Tomas Krizek
@tomaskrizek
Jun 27 2018 15:03
For all our repos, home:CZ-NIC it seems
Radek 'blufor' Slavicinsky
@blufor
Jun 27 2018 15:03
@vcunat looks good, thx
Vladimír Čunát
@vcunat
Jun 27 2018 15:04
:-)