Re: [RFC] General Resolution to deploy tag2upload

To: Sean Whitton <spwhitton@spwhitton.name>
Cc: Joerg Jaspert <joerg@debian.org>, Ian Jackson <ijackson@chiark.greenend.org.uk>, Helmut Grohne <helmut@subdivi.de>, Ansgar 🙀 <ansgar@43-1.org>, debian-vote@lists.debian.org
Subject: Re: [RFC] General Resolution to deploy tag2upload
From: Gunnar Wolf <gwolf@debian.org>
Date: Thu, 13 Jun 2024 13:51:52 -0600
Message-id: <[🔎] ZmtN2C-whD9s1E_w@iiec.unam.mx>
In-reply-to: <[🔎] 878qz9q1mm.fsf@melete.silentflame.com>
References: <[🔎] 87wmmvrubl.fsf@melete.silentflame.com> <[🔎] 1d18bfee6b3b6beec5a9804d1e879339f0edee90.camel@43-1.org> <[🔎] 20240612090822.GA3640953@subdivi.de> <[🔎] 26217.39029.509566.207415@chiark.greenend.org.uk> <[🔎] 871q51onxs.fsf@ganneff.de> <[🔎] 878qz9q1mm.fsf@melete.silentflame.com>

Sean Whitton dijo [Thu, Jun 13, 2024 at 05:42:25AM +0800]:
> > Actually, we can set acls on fingerprints and then that key wont be able
> > to upload anymore. That is not something recorded in the keyrings or the
> > DM list. Obviously that is not something used often (really really
> > seldom), it is more for "this key is compromised badly, please turn off
> > anything with it *NOW*" situations, which it's what Helmut meant with the
> > urgent cases.
> 
> Could you say more specifically how seldom, and also how long it usually
> takes between you flicking the emergency switch, and the keyring team
> pushing an update?

Quite hard to say.

We have tried to cover differnt timezones between the (currently)
three of us in keyring-maint, but it's not that uncommon we are all in
North America. Sadly, it's not as common as I'd wish that we are all
at DebConf.

Usually, when we are notified of a compromised key (or keys that have
to be urgently removed for urgent reasons), we act on it as soon as
one of us can take it, and the keyring preparation + update + push
process takes about one hour, tops. But there can be many reasons the
three of us (keyring-maints) are unreachable for several hours.

Reply to:

Follow-Ups:
- Re: [RFC] General Resolution to deploy tag2upload
  - From: Matthias Urlichs <matthias@urlichs.de>

References:
- [RFC] General Resolution to deploy tag2upload
  - From: Sean Whitton <spwhitton@spwhitton.name>
- Re: [RFC] General Resolution to deploy tag2upload
  - From: Ansgar 🙀 <ansgar@43-1.org>
- Re: [RFC] General Resolution to deploy tag2upload
  - From: Helmut Grohne <helmut@subdivi.de>
- Re: [RFC] General Resolution to deploy tag2upload
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: [RFC] General Resolution to deploy tag2upload
  - From: Joerg Jaspert <joerg@debian.org>
- Re: [RFC] General Resolution to deploy tag2upload
  - From: Sean Whitton <spwhitton@spwhitton.name>

Prev by Date: Re: source tarballs vs. source from git
Next by Date: Re: [RFC] General Resolution to deploy tag2upload
Previous by thread: Re: [RFC] General Resolution to deploy tag2upload
Next by thread: Re: [RFC] General Resolution to deploy tag2upload
Index(es):
- Date
- Thread