Changelog

debops-keyring

This project adheres to Semantic Versioning and human-readable changelog.

The current repository maintainer is drybjed.

debops-keyring master - unreleased

Fixed

  • git log '--format=%H %G?' handles signatures made by an expired OpenPGP subkey improperly by marking the commit as "N" (no signature). This breaks the history checking and the enforcement that all commits MUST be signed. The workaround is to only check the HEAD commit in the assumption that the subkey used to sign it is not expired. [ypid]
  • OpenPGP keys can have multiple subkeys. This is not interpreted as an error anymore as long as one of the keys is the public key with the matching key fingerprint. [ypid]

debops-keyring v0.2.1 - 2016-09-15

Added

  • Add OpenPGP key 0xDAA9DC5E750C1E85 (Aleksey Gavrilov) as DebOps Contributor. [drybjed]
  • Add REQUIREMENTS which are enforced by CI tests also to the README. [ypid]
  • Add RECOMMENDATION for an asymmetric public-key size of at least 3248 bits (for RSA). [ypid]

Changed

  • Moved role files to roles/ directory to keep the root of the repository clean. [ypid]
  • Clarify the requirements for additional OpenPGP key proofs for DebOps Contributors and DebOps Developers. [drybjed]
  • Key uploading and updating to sks-keyservers.net (or another OpenPGP keyserver pools which sync with sks-keyservers.net) is now REQUIRED. [ypid]

debops-keyring v0.2.0 - 2016-08-07

Added

  • Added note intended to get DebOps Developers and DebOps Contributors to think about OpSec related to their OpenPGP setup. [ypid]
  • Created the contributors file to list the DebOps Contributors. [ypid]
  • Created the bots file to list the DebOps Bots. [ypid]
  • Generate documentation from the machine readable debops-keyring files using a Python 3 script/module. [ypid]
  • Use the Python 3 script/module for consistency checking of the debops-keyring. [ypid]
  • Enforce minimum key size (>=2048) of all keys in the debops-keyring. [ypid]
  • Enforce that all commits in the debops-keyring are signed by a public key present in the keyring (as of git HEAD). [ypid]
  • Require a signed git commit with the most trusted OpenPGP subkey to add or change the corresponding public keys. [ypid]
  • Note that public keys should be uploaded and kept up-to-date on sks-keyservers.net.

Changed

  • Renamed admin file to admins. There might be multiple admins. [ypid]
  • Use the term "OpenPGP" when not specifically referring to the GnuPG implementation. [ypid]

debops-keyring v0.1.1 - 2016-07-10

Added

  • Add OpenPGP keys 0x86FD980BBF1A40F8, 0x5FE92C12EE88E1F0, 0x489A4D5EC353C98A (Robin Schneider). Refer to this comment for details how I am using the three OpenPGP keys. [ypid]
  • Wrote initial "Adding your OpenPGP public key" and "Becoming a DebOps Developer" sections. [ypid]
  • Created the leader files which defines the DebOps Project Leader. [ypid]
  • Created the admin file which defines the DebOps Project Admin. [ypid]
  • Created the developers files which lists the DebOps Developers. [ypid]

debops-keyring v0.1.0 - 2016-07-10

Added

  • Initial release. [drybjed]
  • Add OpenPGP key 0x2DCCF53E9BC74BEC (Maciej Delmanowski). [drybjed]