1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
|
Adding a DM key
===============
- Request must be signed by somebody in the DM team (currently:
anibal, enrico, xoswald). Always check it has been signed by them
using their currently registered Debian key!
- Request must include:
- Full DM key fingerprint
- Agreement URL (message sent by prospective DM where he agrees with
DFSG, SC, DMUP, and giving an overview of his current work in
Debian)
- One or more DD advocates (messages signed by DDs confirming
applicant has done Debian work and requesting him to be accepted)
- It _may_ also include a bug number (in the regular Debian BTS)
that should be closed when the request is dealt with. If so, close
it in debian/changelog.
- Procedure:
I am following the request for Javier Merino (RT #2466). Of course,
replace keys with adequate values.
$ gpg --verify < (copy of RT message)
(...)
gpg: Signature made Thu 26 Aug 2010 01:14:41 PM CDT using RSA key ID 464B8DE3
gpg: Good signature from "Xavier Oswald <xoswald@debian.org>"
gpg: aka "Xavier Oswald <x.oswald@free.fr>"
gpg: aka "Xavier Oswald <xoswald@gmail.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: DE46 8D1D 2744 CF28 5431 1CD7 85B9 0D23 464B 8DE3
# I have never met xoswald, but «grep 464B8DE3 keyids» gives me
# «0x85B90D23464B8DE3 Xavier Oswald <xoswald>» and verifying
# the fingerprint matches
$ gpg --keyserver $KEYSERVER --recv-key 6B1BAEC2CA5D4EA7439803612DCE3F2836D4E4F5
gpg: requesting key 36D4E4F5 from hkp server nisamox.fciencias.unam.mx
gpg: key 36D4E4F5: public key "Javier Merino Cacho <javier.merino@alumnos.unican.es>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
gpg: depth: 0 valid: 3 signed: 163 trust: 0-, 0q, 0n, 0m, 0f, 3u
gpg: depth: 1 valid: 163 signed: 405 trust: 154-, 0q, 0n, 5m, 4f, 0u
gpg: depth: 2 valid: 12 signed: 99 trust: 12-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2010-09-10
gpg: Total number processed: 1
gpg: imported: 1
$ gpg --export 6B1BAEC2CA5D4EA7439803612DCE3F2836D4E4F5 > /tmp/key
$ ./scripts/add-key /tmp/key debian-maintainers-gpg/
(...)
# A screen listing all of the applicant's signatures which are
# in the Debian keyring appears. At very least, one DD should
# have signed his key, unless specific reasons
# (i.e. geographical) have been already discussed. Take note of
# the respective key IDs. If they are too many, just note the
# first four or five, in this case: 5D8CDA7B 74974824 95930EDE
# E1C21845
Are you sure you want to update this key? (y/n)
y
adding debian-maintainers-gpg/0x2DCE3F2836D4E4F5
# Note this addition in debian/changelog - Just make sure before
# doing this you are not modifying an already uploaded changelog
# entry!
$ dch -a 'Add new DM key 0x2DCE3F2836D4E4F5 (Javier Merino) (RT #2466) (Closes: #593475)'
$ git commit
# And that's it. For the VCS log, we use the following format:
------------------------------------------------------------
Add new DM key $DM_KEY ($DM_NAME) (RT #$RT_NUM)
Add new DM key $DM_KEY as requested by DM team ($PERSON)
Signed by existing DD keys: $SIGN1 $SIGN2 $SIGN3 $SIGNN
Agreement:
$AGREE_URL
Advocates:
$DD1_ACCOUNT - $ADVOCATE1_URL
$DD2_ACCOUNT - $ADVOCATE2_URL
$DD3_ACCOUNT - $ADVOCATE3_URL
------------------------------------------------------------
i.e.
------------------------------------------------------------
Add new DM key 0x2DCE3F2836D4E4F5 (Javier Merino) (RT #2466)
Add new DM key 0x2DCE3F2836D4E4F5 as requested by DM team (xoswald)
Signed by existing DD keys: 5D8CDA7B 74974824 95930EDE E1C21845
Agreement:
http://lists.debian.org/debian-newmaint/2010/08/msg00020.html
Advocates:
vdanjean - http://lists.debian.org/debian-newmaint/2010/08/msg00021.html
------------------------------------------------------------
|
