Project

General

Profile

Feature #8730

Feature #8222: Transition to a new signing key

Feature #8740: Transition to a new signing key, phase 2

Publish a transition statement for our signing key

Added by intrigeri about 5 years ago. Updated about 5 years ago.

Status:
Resolved
Priority:
Elevated
Assignee:
-
Category:
-
Target version:
Start date:
01/19/2015
Due date:
% Done:

80%

Feature Branch:
news/8730-key-signing-transition-statement
Type of work:
End-user documentation
Blueprint:
Starter:
Affected tool:

Description

E.g. as a blog post, published at the same time as 1.3.1.

Associated revisions

Revision 094a53b7
Added by sajolida about 5 years ago

Merge branch 'news/8730-key-signing-transition-statement' (Closes: #8730)

History

#1 Updated by intrigeri about 5 years ago

  • Private changed from Yes to No

#2 Updated by intrigeri about 5 years ago

  • Parent task changed from #8222 to #8740

#3 Updated by intrigeri about 5 years ago

  • Related to Feature #8769: Document how to migrate from trusting the old key to trusting the new key added

#4 Updated by sajolida about 5 years ago

  • Related to deleted (Feature #8769: Document how to migrate from trusting the old key to trusting the new key)

#5 Updated by sajolida about 5 years ago

  • Duplicated by Feature #8769: Document how to migrate from trusting the old key to trusting the new key added

#6 Updated by sajolida about 5 years ago

  • Assignee changed from intrigeri to sajolida

I took the liberty of taking this one from you for a couple of days. I want this transition statement to be publish before 1.3.1 (ideally as early as we can). To give people some time to adjust. Now that we have publish the two late reports we should (hopefully) have some more quiet time on the blog. I'll start working on a draft right now.

#7 Updated by intrigeri about 5 years ago

I took the liberty of taking this one from you for a couple of days.

I certainly don't mind :)

#8 Updated by sajolida about 5 years ago

  • Assignee changed from sajolida to intrigeri
  • QA Check set to Ready for QA
  • Feature Branch set to news/8730-key-signing-transition-statement

I pushed a first draft, see 0e169fc.

I'm asking you for a first review. You don't have to go into serious details but I want to check the overall strategy with you first:

  • Do you think that's what needed to be written?
  • I didn't do the usual clearsign of the text as I don't really get the point since the new key is signed by the old key.
  • I might have rewritten part of your work in doc/about/openpgp_keys.mdwn but once we agree on that call I'll merge the relevant parts in feature/8740-new-signing-key-phase-2

#9 Updated by intrigeri about 5 years ago

  • Status changed from Confirmed to In Progress

#10 Updated by BitingBird about 5 years ago

  • % Done changed from 0 to 20

#11 Updated by intrigeri about 5 years ago

  • Assignee changed from intrigeri to sajolida
  • % Done changed from 20 to 30
  • QA Check deleted (Ready for QA)
  • Type of work changed from Website to End-user documentation

Do you think that's what needed to be written?

Yes! I've pushed a couple commits on top. And then:

  • Any reason why the link to tails-signing-new.key is hardcoded, instead of using the tails_website ikiwiki shortcut?
  • I'm not sure it's worth documenting that the new signing key is certified by my old, now expired key: it's not in sid's debian-keyring anymore. If it helps, I can certify it again with my new key. OTOH, my new key isn't in Wheezy's nor Jessie's debian-keyring package. I'll let you decide.

#12 Updated by intrigeri about 5 years ago

On second thought, I'm not convinced it was a good idea to mark #8769 as a duplicate of this one: there's one piece of work (#8769#note-6) that we cannot cover here, since it needs to be merged into master at 1.3.1 release time, contrary to the blog post this ticket is about. Shall I unmerge these two tickets and clarify on #8769 what it covers exactly, that #8730 doesn't?

#13 Updated by sajolida about 5 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 30 to 100

#14 Updated by sajolida about 5 years ago

  • Any reason why the link to tails-signing-new.key is hardcoded, instead of using the tails_website ikiwiki shortcut?

I did the same as we do for the usual signing key from download.html.
The reason behind that is, I think, to force people to fetch the key
from the website when using the offline version so they can get a
correct MIME type from the server.

  • I'm not sure it's worth documenting that the new signing key is certified by my old, now expired key: it's not in sid's debian-keyring anymore. If it helps, I can certify it again with my new key. OTOH, my new key isn't in Wheezy's nor Jessie's debian-keyring package. I'll let you decide.

I didn't realize it was your old key. So I removed that.

#15 Updated by sajolida about 5 years ago

  • Duplicated by deleted (Feature #8769: Document how to migrate from trusting the old key to trusting the new key)

#16 Updated by sajolida about 5 years ago

  • Assignee deleted (sajolida)
  • % Done changed from 100 to 30

#17 Updated by intrigeri about 5 years ago

  • Any reason why the link to tails-signing-new.key is hardcoded, instead of using the tails_website ikiwiki shortcut?

I did the same as we do for the usual signing key from download.html. The reason behind that is, I think, to force people to fetch the key from the website when using the offline version so they can get a correct MIME type from the server.

FYI, that's exactly what the tails_website ikiwiki shortcut does. See e.g. doc/about/openpgp_keys where we use it for the very same purpose. Anyway, no big deal.

#18 Updated by intrigeri about 5 years ago

  • % Done changed from 30 to 100

#19 Updated by sajolida about 5 years ago

  • Status changed from Resolved to In Progress
  • Assignee set to intrigeri
  • % Done changed from 100 to 80
  • QA Check set to Info Needed

I added the @[[!tag announce]] flag but it was not sent to amnesia-news nor appear in the moderation queue. Shall I wait more? Send it by hand? Write to ?

#20 Updated by intrigeri about 5 years ago

I added the @[[!tag announce]] flag but it was not sent to amnesia-news nor appear in
the moderation queue. Shall I wait more? Send it by hand? Write to ?

I think the rss2email cronjob runs every N hours only, and has been pretty reliable so far, so: first, wait a bit more :)

#21 Updated by intrigeri about 5 years ago

  • Assignee changed from intrigeri to sajolida
  • QA Check deleted (Info Needed)

#22 Updated by sajolida about 5 years ago

  • Status changed from In Progress to Resolved
  • Assignee deleted (sajolida)

#23 Updated by BitingBird about 5 years ago

  • Target version changed from Tails_1.3.2 to Tails_1.3.1

Also available in: Atom PDF