[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Failing GPG key (was: Re: Debian Project Leader election 2019: First call for votes)



* Joerg Jaspert: " Re: Failing GPG key (was: Re: Debian Project Leader election
  2019: First call for votes)" (Tue, 09 Apr 2019 12:12:10 +0200):

Hi Joerg,

thanks for your answer.

> On 15367 March 1977, Mathias Behrle wrote:
> 
> > - originally set to 2019-04-07
> > - updated on 2019-04-08 to 2021-04-06 and pushed to various keyservers
> >   including keyring.debian.org.  
> 
> That was a bit late, but the right place to send to.

Yes, I got now aware of this.

> > Do I have to wait for a keyring sync of the DD Keyring? When will it
> > happen? Do
> > I have to get in touch with someone to get the key synced?  
> 
> Yes, same as for the archive and uploads.
> 
> Updates send to keyring.d.o are not automagically included in the
> keyrings the debian infratructure uses. It needs a keyring maint to run
> some tool.
> 
> *Usually* they do not do that during running elections, just short before
> they start,
> so you may be out of luck.

If so then I think there is a clear gap in the procedures. 

- What about DDs being approved just during the voting period? They should
  clearly be able to vote.
- What about DDs losing their right during the voting period? Should their
  ballots be valid?

Regarding the update of the expiration date I surely was late, but nevertheless
the procedure itself is considered best practice [1][2], so it is absolute
legitimate in my understanding.

To cover cases like mine it would probably be good practice to update the
keyring at least shortly before the end of the voting period. Of course I
understand very well that the workload on the keyring maintainers should
be kept at a reasonable size.

Anyway I will now contact KeyringMaint and Secretary to see if we can find a
way to solve the problem.

Thanks again
Mathias




[1]
https://riseup.net/en/security/message-security/openpgp/best-practices#use-an-expiration-date-less-than-two-years
[2] http://www.g-loaded.eu/2010/11/01/change-expiration-date-gpg-key/

-- 

    Mathias Behrle
    PGP/GnuPG key availabable from any keyserver, ID: 0xD6D09BE48405BBF6
    AC29 7E5C 46B9 D0B6 1C71  7681 D6D0 9BE4 8405 BBF6

Attachment: pgptOeTowweXM.pgp
Description: Digitale Signatur von OpenPGP


Reply to: