Opened 6 weeks ago

Last modified 6 weeks ago

#29671 assigned task

evaluate possible options for OpenPGP keyring maintenance

Reported by: anarcat
Owned by: tpa
Priority: Low
Milestone:
Component: Internal Services/Tor Sysadmin Team
Version:
Severity: Normal
Keywords:
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:


Many tickets here are about maintaining the various keyrings required for daily operations at Tor. A few examples include new keys, expiration updates and so on: #27748, #27748, #27726, #27600, #28891, #28150, #28138, #29455... but there are literally hundreds of such tickets.

Those keys currently get stored in LDAP and require a TPA to make changes.

Then there's also stuff like the torbrowser signing keys which are not stored in LDAP (#28306), creating another source of truth for keys.

All of this makes key maintenance and discovery difficult. Investigate possible alternatives, including Debian packages (like the one used by debian-archive-keyring), a private keyserver, gpgsync, monkeysphere, or a flock of unicorn. ;)

Change History (1)

comment:1 Changed 6 weeks ago by anarcat

this was also somewhat briefly discussed in montreal/2017:
