Publishing fedora developer PGP keys in DNSSEC

Paul Wouters paul at nohats.ca
Sun Feb 1 23:24:06 UTC 2015


On Sun, 1 Feb 2015, Björn Persson wrote:

> Paul Wouters wrote:
>> paul at bofh:~$ openpgpkey --fetch pwouters at fedoraproject.org
>
> openpgpkey: /var/lib/unbound/root.anchor is not a file. Unable to use
> it as rootanchor
>
> Huh?

Turns out a bug in %post of unbound-libs. I pushed a fix into rawhide.
I've also made openpgpkey smarter so it looks for more file locations
for the root.anchor or root.key file. I'll push that upstream.

>> 2) most people don't have their fedoraproject.org as uid on their key
>
> Perhaps they are like me in that they want to be known by their actual
> address rather than the fedoraproject.org alias. When people want to
> reach me I want them to send their email directly to Bjorn at Rombobjörn.se
> (or to Bjorn at Rombobeorn.se if their email client doesn't understand
> IDNA), not to an alias in another domain. It doesn't hurt that an alias
> exists, and it may be useful to automated stuff in the Fedora
> infrastructure, but I prefer not to advertise it outside of Fedora.

It will show you the uids present on the key and you can still import
the gui and mail them at the other addresses.

> Perhaps you should publish only those keys that have a
> fedoraproject.org address?

The goal though is to make it easier to get keys and use encryption,
not more manual. So I prefer to have the keys there even if the uid
is not there.

> Traceback (most recent call last):
>  File "/usr/bin/openpgpkey", line 189, in <module>
>    if "<%s>"%args.email in uid:
> UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position
> 14: ordinal not in range(128)

I'll work on adding punycode support :)

(the LHS does not matter, we just sha224 whatever you give us)

Paul
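
Added example (not code from openpgpkey or from this thread): one way, in Python 3, to build the lookup name from an address and to do the uid comparison from the traceback without mixing bytes and text, with the domain converted to punycode. The `_openpgpkey` label layout is assumed from the OPENPGPKEY draft, and the function names, the UTF-8 handling of the LHS and the sample addresses are constructed for illustration.

```python
import hashlib


def split_address(email):
    """Return (local part as given, domain as lower-case A-label)."""
    local, sep, domain = email.strip().rpartition("@")
    if not (sep and local and domain):
        raise ValueError("not an email address: %r" % (email,))
    # Python's built-in "idna" codec turns non-ASCII labels into punycode and
    # passes labels that are already ASCII through unchanged.
    return local, domain.lower().encode("idna").decode("ascii")


def openpgpkey_owner_name(email):
    """DNS name to query for the key of `email`."""
    local, domain = split_address(email)
    # The LHS is hashed exactly as supplied; UTF-8 encoding is an assumption.
    label = hashlib.sha224(local.encode("utf-8")).hexdigest()
    # "_openpgpkey" as second label: assumed from the draft, not on the page.
    return "%s._openpgpkey.%s" % (label, domain)


def uid_matches(email, uid):
    """True if a key uid (raw bytes or str) carries <email>."""
    if isinstance(uid, bytes):
        # Decode first so str and bytes are never mixed in the comparison.
        uid = uid.decode("utf-8", errors="replace")
    start, end = uid.rfind("<"), uid.rfind(">")
    if start == -1 or end < start:
        return False
    try:
        return split_address(uid[start + 1:end]) == split_address(email)
    except (ValueError, UnicodeError):
        return False


if __name__ == "__main__":
    # Constructed sample address and uids, not taken from the thread.
    addr = "alice@Bücher.example"
    print(openpgpkey_owner_name(addr))
    for uid in (b"Alice <alice@xn--bcher-kva.example>",
                "Alice <alice@BÜCHER.example>".encode("utf-8"),
                b"Alice <alice@other.example>"):
        print(uid_matches(addr, uid), uid)
```
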

