On 02/13/2013 09:30 PM, Michael Weber wrote:
> GPG agents do not transport keys, just passphrases.
To stress that, my passphrased key resides on my remote build-box,
gpg just asks my local gpg agent for the passphrase.
ssh -R /root/.gnupg/S.gpg-agent:/tmp/keyring-michael/gpg b-4
with a persiste
Michael Weber wrote:
> > Rather than creating a TCP socket I would look into using the ssh -W
> > option.
> gpg agent works with unix domain sockets.
I know. It would look something like socat + ssh -W socat
//Peter
On 02/13/2013 09:23 PM, Peter Stuge wrote:
> Rather than creating a TCP socket I would look into using the ssh -W
> option.
gpg agent works with unix domain sockets.
--
Michael Weber
Gentoo Developer
web: https://xmw.de/
mailto: Michael Weber
On 02/13/2013 09:07 PM, Agostino Sarubbo wrote:
> As most of us do, I do the commit from another machine, not mine. So, for ssh
> I'm using ssh -A to forward the key and I'm interested to find a way to do it
> for the gpg key.
>
> I found a how-to that uses socat ( http://superuser.com/question
Agostino Sarubbo wrote:
> I'm using ssh -A to forward the key and I'm interested to find a
> way to do it for the gpg key.
>
> I found a how-to that uses socat ( http://superuser.com/questions/161973/how-
> can-i-forward-a-gpg-key-via-ssh-agent ) but does not work as expected.
Did you debug?
Ra
On Tuesday 12 February 2013 15:14:15 William Hubbs wrote:
> All,
>
> as preparation for the up-coming cvs->git migration of the portage tree,
> the council is strongly suggesting that from this point forward all
> developers sign their manifests with their gpg key as described in the
> developer's
On 02/13/2013 06:22 PM, Aaron W. Swenson wrote:
> There's nothing Gentoo specific about it. I don't see why we would
> need to officially document an official document. The most we
> should do is point people to the resource.
So, please link to this
On Wed, Feb 13, 2013 at 07:58:30PM +0200, Eray Aslan wrote:
> On Wed, Feb 13, 2013 at 05:22:14PM +, Aaron W. Swenson wrote:
> > I agree. This is officially documented by GnuPG. [1] That would be the
> > best source to use. It details everything one needs to do to manage a
> > key pair.
>
> Goo
On Wed, Feb 13, 2013 at 05:22:14PM +, Aaron W. Swenson wrote:
> I agree. This is officially documented by GnuPG. [1] That would be the
> best source to use. It details everything one needs to do to manage a
> key pair.
Good luck having people find and read it. Similar to (or perhaps
linking t
On 13/02/2013 18:46, "Paweł Hajdan, Jr." wrote:
> What is considered a good key size these days?
As far as I can tell, 2048 rsa should be still fine.
Just drop DSA and anything 1024 I would suggest.
--
Diego Elio Pettenò — Flameeyes
flamee...@flameeyes.eu — http://blog.flameeyes.eu/
On 2/13/13 12:28 AM, Robin H. Johnson wrote:
> On Wed, Feb 13, 2013 at 12:12:35AM +0100, Michael Weber wrote:
>> What is the rotation strategy for (near) outdated keys?
>> Alter the key or create a new one? Sign the new with the old one?
> If your keysize is still good, you should ideally update th
On Wed, Feb 13, 2013 at 09:35:56AM -0700, Denis Dupeyron wrote:
> On Wed, Feb 13, 2013 at 8:31 AM, Aaron W. Swenson
> wrote:
> > This information, by the way, has been blogged about thousands of
> > times.
>
> There is a reason people write documentation. Contrary to blog posts,
> documentation
On Wed, Feb 13, 2013 at 09:35:56AM -0700, Denis Dupeyron wrote:
> If you want people to handle security properly you have to tell them
> how to. In detail. If not, everybody will figure it out in his or her
> own way, all of them wrong. Get off your high horse and write
> documentation if you know
On Wed, Feb 13, 2013 at 8:31 AM, Aaron W. Swenson wrote:
> This information, by the way, has been blogged about thousands of
> times.
There is a reason people write documentation. Contrary to blog posts,
documentation is thought out, reviewed, maintained and corrected when
necessary. Blogs are wr
Michael Weber wrote:
> On 02/12/2013 10:14 PM, William Hubbs wrote:
>> as preparation for the up-coming cvs->git migration of the portage
>> tree, the council is strongly suggesting that from this point
>> forward all developers sign their manifests with their gpg key as
>> described in the devel
On 13 February 2013 15:31, Aaron W. Swenson wrote:
> On Wed, Feb 13, 2013 at 01:20:39PM +0100, Michael Weber wrote:
>> On 02/13/2013 11:55 AM, Markos Chandras wrote:
>> > http://www.gentoo.org/doc/en/gnupg-user.xml
>> >
>> still no hint what to do on expiration (as every single other "gpg howto").
On Wed, Feb 13, 2013 at 01:20:39PM +0100, Michael Weber wrote:
> On 02/13/2013 11:55 AM, Markos Chandras wrote:
> > http://www.gentoo.org/doc/en/gnupg-user.xml
> >
> still no hint what to do on expiration (as every single other "gpg howto").
>
It depends. What do you want to do when it expires?
On 02/13/2013 11:55 AM, Markos Chandras wrote:
> http://www.gentoo.org/doc/en/gnupg-user.xml
>
still no hint what to do on expiration (as every single other "gpg howto").
--
Michael Weber
Gentoo Developer
web: https://xmw.de/
mailto: Michael Weber
On 12 February 2013 23:28, Robin H. Johnson wrote:
>
>> IMHO the answer to these questions is not obvious nor given by (our)
>> docu [1].
> I'm pretty sure it was in the devrel developer handbook at one point,
> along with instructions to create your key, but I can't find it now.
This one?
http:
On 13 February 2013 15:07, Michael Weber wrote:
> On 02/13/2013 12:28 AM, Robin H. Johnson wrote:
>> On Wed, Feb 13, 2013 at 12:12:35AM +0100, Michael Weber wrote:
>>> On 02/12/2013 10:14 PM, William Hubbs wrote:
>>>> If you have any questions on this, please feel free to let us
>>>> know.
>>> Wha
On 13-02-2013 02:15:48 +0100, Jeroen Roovers wrote:
> On Tue, 12 Feb 2013 17:07:33 -0800
> Alec Warner wrote:
>
> > On Tue, Feb 12, 2013 at 5:05 PM, Jeroen Roovers
> > wrote:
> > > On Wed, 13 Feb 2013 01:47:34 +0100
> > > Jeroen Roovers wrote:
> > >
> > >> It would help if repoman noticed when
On 02/13/2013 12:28 AM, Robin H. Johnson wrote:
> On Wed, Feb 13, 2013 at 12:12:35AM +0100, Michael Weber wrote:
>> On 02/12/2013 10:14 PM, William Hubbs wrote:
>>> If you have any questions on this, please feel free to let us
>>> know.
>> What is the rotation strategy for (near) outdated keys?
>>
On Tue, 12 Feb 2013 17:07:33 -0800
Alec Warner wrote:
> On Tue, Feb 12, 2013 at 5:05 PM, Jeroen Roovers
> wrote:
> > On Wed, 13 Feb 2013 01:47:34 +0100
> > Jeroen Roovers wrote:
> >
> >> It would help if repoman noticed when you have FEATURES=-sign. :-\
> >
> > https://bugs.gentoo.org/show_bug.
On Tue, Feb 12, 2013 at 5:05 PM, Jeroen Roovers wrote:
> On Wed, 13 Feb 2013 01:47:34 +0100
> Jeroen Roovers wrote:
>
>> It would help if repoman noticed when you have FEATURES=-sign. :-\
>
> https://bugs.gentoo.org/show_bug.cgi?id=457034
We can do the opposite, and just complain if we see unsig
On Wed, 13 Feb 2013 01:47:34 +0100
Jeroen Roovers wrote:
> It would help if repoman noticed when you have FEATURES=-sign. :-\
https://bugs.gentoo.org/show_bug.cgi?id=457034
jer
On Tue, 12 Feb 2013 15:14:15 -0600
William Hubbs wrote:
> All,
>
> as preparation for the up-coming cvs->git migration of the portage
> tree, the council is strongly suggesting that from this point forward
> all developers sign their manifests with their gpg key as described
> in the developer's
On Wed, Feb 13, 2013 at 12:12:35AM +0100, Michael Weber wrote:
> On 02/12/2013 10:14 PM, William Hubbs wrote:
> > If you have any questions on this, please feel free to let us
> > know.
> What is the rotation strategy for (near) outdated keys?
> Alter the key or create a new one? Sign the new with
On 02/12/2013 10:14 PM, William Hubbs wrote:
> If you have any questions on this, please feel free to let us
> know.
What is the rotation strategy for (near) outdated keys?
Alter the key or create a new one? Sign the new with the old one?
IMHO the a
On 02/12/2013 10:14 PM, William Hubbs wrote:
> as preparation for the up-coming cvs->git migration of the portage
> tree, the council is strongly suggesting that from this point
> forward all developers sign their manifests with their gpg key as
> de