Add zarb MLs html archivesHEADmaster

1 files changed, 122 insertions, 0 deletions

diff --git a/zarb-ml/mageia-sysadm/2011-January/002159.html b/zarb-ml/mageia-sysadm/2011-January/002159.html
new file mode 100644
index 000000000..e88c4dc36
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/2011-January/002159.html
@@ -0,0 +1,122 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+   <TITLE> [Mageia-sysadm] [814] - add a module to generate gnupg key	(	similar to the one for openssl
+   </TITLE>
+   <LINK REL="Index" HREF="index.html" >
+   <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5B814%5D%20-%20add%20a%20module%20to%20generate%20gnupg%20key%0A%09%28%09similar%20to%20the%20one%20for%20openssl&In-Reply-To=%3C20110117170927.GH21938%40mars-attacks.org%3E">
+   <META NAME="robots" CONTENT="index,nofollow">
+   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+   <LINK REL="Previous"  HREF="002158.html">
+   <LINK REL="Next"  HREF="002161.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+   <H1>[Mageia-sysadm] [814] - add a module to generate gnupg key	(	similar to the one for openssl</H1>
+    <B>nicolas vigier</B> 
+    <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5B814%5D%20-%20add%20a%20module%20to%20generate%20gnupg%20key%0A%09%28%09similar%20to%20the%20one%20for%20openssl&In-Reply-To=%3C20110117170927.GH21938%40mars-attacks.org%3E"
+       TITLE="[Mageia-sysadm] [814] - add a module to generate gnupg key	(	similar to the one for openssl">boklm at mars-attacks.org
+       </A><BR>
+    <I>Mon Jan 17 18:09:27 CET 2011</I>
+    <P><UL>
+        <LI>Previous message: <A HREF="002158.html">[Mageia-sysadm] [814] - add a module to generate gnupg key ( similar to the one for openssl
+</A></li>
+        <LI>Next message: <A HREF="002161.html">[Mageia-sysadm] [814] - add a module to generate gnupg key	(	similar to the one for openssl
+</A></li>
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#2159">[ date ]</a>
+              <a href="thread.html#2159">[ thread ]</a>
+              <a href="subject.html#2159">[ subject ]</a>
+              <a href="author.html#2159">[ author ]</a>
+         </LI>
+       </UL>
+    <HR>  
+<!--beginarticle-->
+<PRE>On Mon, 17 Jan 2011, Pascal Terjan wrote:
+
+&gt;<i> &gt; 1 key for all is the simplest solution, as this is easiest, and do not
+</I>&gt;<i> &gt; requires a lot of work to update keys. There is also a simpler BS.
+</I>&gt;<i> &gt; However, this mean we cannot expire the keys. But this also mean that we
+</I>&gt;<i> &gt; can more easily have it signed, if we make it signed once, and do not
+</I>&gt;<i> &gt; need to redo it every time. ( see the gpg web of trust ).
+</I>&gt;<i> 
+</I>&gt;<i> Another solution is to have one key, signed by everyone and stored
+</I>&gt;<i> safely (like, on a usb key in a bank), and use this key to sign the
+</I>&gt;<i> keys that will sign packages (and that will be stored safely too but
+</I>&gt;<i> have to be accessible on valstar). If we want to use a new key at some
+</I>&gt;<i> point for signing packages, we just need to access that master key.
+</I>
+It looks like a good idea.
+
+&gt;<i> &gt;
+</I>&gt;<i> &gt; How do we sign
+</I>&gt;<i> &gt; ==============
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; Again, point 3 have a impact here. Either we sign when uploaded, using
+</I>&gt;<i> &gt; youri, or using a custom action ( as current one do not permit to change
+</I>&gt;<i> &gt; uid ), or we use some custom cronjob to sign.
+</I>
+I vote too for using a custom action, to store the key on a separate
+account, and use it with a script run with sudo.
+
+It can be done with a cron job too, but it will slower I think. Is there
+any advantage doing it with a cron job ?
+
+&gt;<i> &gt;
+</I>&gt;<i> &gt; Or we sign when the release is made.
+</I>
+That would mean having unsigned cauldron packages ?
+
+&gt;<i> &gt;
+</I>&gt;<i> &gt; I would recommend using a custom action, as privilege separation sound
+</I>&gt;<i> &gt; like a good idea. I would prefer to avoid signing again the day of
+</I>&gt;<i> &gt; release, for reasons that were already given.
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; Bonus, usage of the module :
+</I>&gt;<i> &gt; ============================
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; &#160; &#160;gnupg::keys { &quot;cauldron&quot;:
+</I>&gt;<i> &gt; &#160; &#160; &#160; &#160;email =&gt; &quot;root@$domain&quot;,
+</I>&gt;<i> &gt; &#160; &#160; &#160; &#160;key_name =&gt; &quot;John the plop&quot;,
+</I>&gt;<i> &gt; &#160; &#160; &#160; &#160;key_length =&gt; &quot;4096&quot;
+</I>&gt;<i> &gt; &#160; &#160;}
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; create a key cauldron.sec and cauldron.pub in /etc/gnupg/keys/. I am not
+</I>&gt;<i> &gt; sure of the format ( maybe have it exported would be good ), and I am
+</I>&gt;<i> &gt; not sure that putting everything in this directory is the good location.
+</I>
+What are the permissions and owner on this directory ?
+
+</PRE>
+
+
+
+
+
+
+
+
+
+
+
+
+<!--endarticle-->
+    <HR>
+    <P><UL>
+        <!--threads-->
+	<LI>Previous message: <A HREF="002158.html">[Mageia-sysadm] [814] - add a module to generate gnupg key ( similar to the one for openssl
+</A></li>
+	<LI>Next message: <A HREF="002161.html">[Mageia-sysadm] [814] - add a module to generate gnupg key	(	similar to the one for openssl
+</A></li>
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#2159">[ date ]</a>
+              <a href="thread.html#2159">[ thread ]</a>
+              <a href="subject.html#2159">[ subject ]</a>
+              <a href="author.html#2159">[ author ]</a>
+         </LI>
+       </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm
+mailing list</a><br>
+</body></html>