From: Carlos Maiolino <cem@kernel.org>
To: linux-xfs@vger.kernel.org
Subject: [ANNOUNCE] GPG key update
Date: Thu, 18 Apr 2024 10:23:34 +0200 [thread overview]
Message-ID: <akavzwaevicl2agsucc4salxjtxmmg74htvtiswzf2ortw2rud@fstpc2o5ywlo> (raw)
Hi,
I didn't mean to send such email, but more than one person already asked me about it, so, sharing it
for a broader audience.
TL;DR;
I started to use a new key to sign stuff two months ago, if you had any key mismatch problem, update
your keyring. My apologies for any trouble.
== Long Version ==
Because my smartcard does not accept ed25519 keys, I added a few new subkeys to the very same certify
GPG key, so I can make my keys safer.
Once my key got updated in kernel keyring I started using it for signing stuff.
I made the foolish assumption that automated packaging systems were querying the kernel keyring or
the public key repos (aka keys.openpgp.org) when trying to verify the signatures.
These new sub-keys belongs to the very same certify key as the another keys, which are still valid.
Nothing got revoked.
My certify (or master key) is still the same: 4020459E58C1A52511F5399113F703E6C11CF6F0
With a new extra subkey added under it: 0C1D891C50A732E0680F7B644675A111E50B5FA6
The kernel keyring has been updated in February with these new keys, so again, my apologies for any
unnecessary trouble, I assumed two months were enough for systems who relies on GPG signatures to
update their databases.
Below is the commit that updated the kernel's gpg database:
commit d3b3885a394fd3144c43bba98596665b42024e19
Author: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Date: Tue Feb 27 14:54:51 2024 -0500
Periodic update from keyservers
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
And directly from the kernel.org's database:
pgpkeys $ gpg --show-keys --with-subkey-fingerprint keys/13F703E6C11CF6F0.asc
pub ed25519 2022-05-27 [C]
4020459E58C1A52511F5399113F703E6C11CF6F0
uid Carlos Eduardo Maiolino <carlos@maiolino.me>
uid Carlos Eduardo Maiolino <cmaiolino@redhat.com>
uid Carlos Eduardo Maiolino <cem@kernel.org>
sub ed25519 2022-05-27 [A]
36C5DFE1ECA79D1D444FDD904E5621A566959599
sub ed25519 2022-05-27 [S]
FA406E206AFF7873897C6864B45618C36A24FD23 <-- Old key still valid
sub cv25519 2022-05-27 [E]
5AE98D09B21AFBDE62EE571EE01E05EA81B10D5C
sub nistp384 2024-02-15 [A]
D3DF1E315DBCB4EDF392D6ED2BE8B50768C99F00
sub nistp384 2024-02-15 [S]
0C1D891C50A732E0680F7B644675A111E50B5FA6 <-- New key
sub nistp384 2024-02-15 [E]
C79922EE45DEA3F58B99B4701201F4FA234EEFD8
next reply other threads:[~2024-04-18 8:23 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-18 8:23 Carlos Maiolino [this message]
2024-04-18 18:02 ` [ANNOUNCE] GPG key update Carlos E. R.
2024-04-19 6:29 ` Carlos Maiolino
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=akavzwaevicl2agsucc4salxjtxmmg74htvtiswzf2ortw2rud@fstpc2o5ywlo \
--to=cem@kernel.org \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).