GNU bug report logs - #67790
New signing key

Previous Next

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Tue, 12 Dec 2023 00:49:01 UTC

Severity: normal

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 67790 in the body.
You can then email your comments to 67790 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to guix-patches <at> gnu.org:
bug#67790; Package guix-patches. (Tue, 12 Dec 2023 00:49:01 GMT) Full text and rfc822 format available.
Acknowledgement sent to Leo Famulari <leo <at> famulari.name>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Tue, 12 Dec 2023 00:49:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: guix-patches <at> gnu.org
Cc: guix-devel <at> gnu.org
Subject: New signing key
Date: Sun, 23 Jul 2023 22:26:39 -0400

[Message part 1 (text/plain, inline)]
Hello,

I'm changing my Guix signing key from
B0515948F1E7D3C1B98038A02646FA30BACA7F08 to
6840722EEEE4D3A64EE53EAC6AAC1963757F47FF.

Patches to follow. Testing is appreciated!

Leo

[signature.asc (application/pgp-signature, inline)]
Information forwarded to guix-patches <at> gnu.org:
bug#67790; Package guix-patches. (Tue, 12 Dec 2023 00:54:01 GMT) Full text and rfc822 format available.

Message #8 received at 67790 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: 67790 <at> debbugs.gnu.org
Subject: Re: New signing key
Date: Mon, 11 Dec 2023 19:53:11 -0500

[Message part 1 (text/plain, inline)]
Here are the patches.

One of them is for the 'keyring' branch, and the other is for 'master'.

[0001-Add-lfam-s-new-key.patch (text/plain, attachment)]
[0001-.guix-authorizations-Update-lfam-s-key.patch (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]
Information forwarded to guix-patches <at> gnu.org:
bug#67790; Package guix-patches. (Tue, 12 Dec 2023 16:39:01 GMT) Full text and rfc822 format available.

Message #11 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Leo Famulari <leo <at> famulari.name>
Cc: guix-devel <at> gnu.org, guix-patches <at> gnu.org
Subject: Re: New signing key
Date: Tue, 12 Dec 2023 11:37:52 -0500

Hi,

Leo Famulari <leo <at> famulari.name> writes:

> Hello,
>
> I'm changing my Guix signing key from
> B0515948F1E7D3C1B98038A02646FA30BACA7F08 to
> 6840722EEEE4D3A64EE53EAC6AAC1963757F47FF.
>
> Patches to follow. Testing is appreciated!

Thanks for the heads-up!

-- 
Thanks,
Maxim
Information forwarded to guix-patches <at> gnu.org:
bug#67790; Package guix-patches. (Tue, 12 Dec 2023 17:03:01 GMT) Full text and rfc822 format available.

Message #14 received at 67790 <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Leo Famulari <leo <at> famulari.name>
Cc: guix-devel <at> gnu.org, 67790 <at> debbugs.gnu.org
Subject: Re: bug#67790: New signing key
Date: Tue, 12 Dec 2023 12:02:33 -0500

Hi,

Maxim Cournoyer <maxim.cournoyer <at> gmail.com> writes:

> Hi,
>
> Leo Famulari <leo <at> famulari.name> writes:
>
>> Hello,
>>
>> I'm changing my Guix signing key from
>> B0515948F1E7D3C1B98038A02646FA30BACA7F08 to
>> 6840722EEEE4D3A64EE53EAC6AAC1963757F47FF.
>>
>> Patches to follow. Testing is appreciated!
>
> Thanks for the heads-up!

Note that I believe you can simply update to your new key yourself.
You'll want to add your new key to the keyring branch, then adjust the
.guix-authorizations file with its new keygrip.

Your new key will become mandated after your .guix-authorizations change
is pushed.

-- 
Thanks,
Maxim
Reply sent to Leo Famulari <leo <at> famulari.name>:
You have taken responsibility. (Thu, 14 Dec 2023 02:11:02 GMT) Full text and rfc822 format available.
Notification sent to Leo Famulari <leo <at> famulari.name>:
bug acknowledged by developer. (Thu, 14 Dec 2023 02:11:03 GMT) Full text and rfc822 format available.

Message #19 received at 67790-done <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: guix-devel <at> gnu.org, 67790-done <at> debbugs.gnu.org
Subject: Re: bug#67790: New signing key
Date: Wed, 13 Dec 2023 21:10:24 -0500

[Message part 1 (text/plain, inline)]
On Tue, Dec 12, 2023 at 12:02:33PM -0500, Maxim Cournoyer wrote:
> Note that I believe you can simply update to your new key yourself.
> You'll want to add your new key to the keyring branch, then adjust the
> .guix-authorizations file with its new keygrip.

Thanks, I pushed to 'keyring' as
935e3c9e93548a566cf3b3039b0822d4179974e4, and to 'master' as
4c4222f32a2906b7bcab74fab70ff2c2f152e8eb.

[signature.asc (application/pgp-signature, inline)]
Information forwarded to guix-patches <at> gnu.org:
bug#67790; Package guix-patches. (Thu, 14 Dec 2023 03:18:01 GMT) Full text and rfc822 format available.

Message #22 received at 67790-done <at> debbugs.gnu.org (full text, mbox):

From: John Kehayias <john.kehayias <at> protonmail.com>
To: Leo Famulari <leo <at> famulari.name>
Cc: guix-devel <at> gnu.org, 67790-done <at> debbugs.gnu.org,
 Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Subject: Re: bug#67790: New signing key
Date: Thu, 14 Dec 2023 03:17:04 +0000

On Wed, Dec 13, 2023 at 09:10 PM, Leo Famulari wrote:

> On Tue, Dec 12, 2023 at 12:02:33PM -0500, Maxim Cournoyer wrote:
>> Note that I believe you can simply update to your new key yourself.
>> You'll want to add your new key to the keyring branch, then adjust the
>> .guix-authorizations file with its new keygrip.
>
> Thanks, I pushed to 'keyring' as
> 935e3c9e93548a566cf3b3039b0822d4179974e4, and to 'master' as
> 4c4222f32a2906b7bcab74fab70ff2c2f152e8eb.
>

Just saw, thanks for the update.

And I assume all this was just to use a new key (did I see some
mention of subkeys on #guix? that's what I use) and not because of
something bad happening to the old one right?

John
Information forwarded to guix-patches <at> gnu.org:
bug#67790; Package guix-patches. (Thu, 14 Dec 2023 16:18:02 GMT) Full text and rfc822 format available.

Message #25 received at 67790-done <at> debbugs.gnu.org (full text, mbox):

From: "Leo Famulari" <leo <at> famulari.name>
To: "John Kehayias" <john.kehayias <at> protonmail.com>
Cc: guix-devel <at> gnu.org, 67790-done <at> debbugs.gnu.org,
 Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Subject: Re: bug#67790: New signing key
Date: Thu, 14 Dec 2023 11:16:38 -0500

On Wed, Dec 13, 2023, at 22:17, John Kehayias wrote:
> And I assume all this was just to use a new key (did I see some
> mention of subkeys on #guix? that's what I use) and not because of
> something bad happening to the old one right?

I don't know if anything bad happened to the old key. That's fundamentally unknowable. But I decided to start using a new key.
Information forwarded to guix-patches <at> gnu.org:
bug#67790; Package guix-patches. (Fri, 15 Dec 2023 06:07:01 GMT) Full text and rfc822 format available.

Message #28 received at 67790-done <at> debbugs.gnu.org (full text, mbox):

From: John Kehayias <john.kehayias <at> protonmail.com>
To: Leo Famulari <leo <at> famulari.name>
Cc: guix-devel <at> gnu.org, 67790-done <at> debbugs.gnu.org,
 Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Subject: Re: bug#67790: New signing key
Date: Fri, 15 Dec 2023 06:06:26 +0000

On Thu, Dec 14, 2023 at 11:16 AM, Leo Famulari wrote:

> On Wed, Dec 13, 2023, at 22:17, John Kehayias wrote:
>> And I assume all this was just to use a new key (did I see some
>> mention of subkeys on #guix? that's what I use) and not because of
>> something bad happening to the old one right?
>
> I don't know if anything bad happened to the old key. That's
> fundamentally unknowable. But I decided to start using a new key.

I suppose I should have been more specific than "something bad" :) I
merely meant this wasn't an actual security issue of losing control of
a private key, but merely moving to a new one for other reasons.

In any event, this is a good reminder (to myself) to have backups of
private keys somewhere safe!
Information forwarded to guix-patches <at> gnu.org:
bug#67790; Package guix-patches. (Fri, 15 Dec 2023 20:21:02 GMT) Full text and rfc822 format available.

Message #31 received at 67790-done <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: John Kehayias <john.kehayias <at> protonmail.com>
Cc: guix-devel <at> gnu.org, 67790-done <at> debbugs.gnu.org,
 Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Subject: Re: bug#67790: New signing key
Date: Fri, 15 Dec 2023 15:19:58 -0500

On Fri, Dec 15, 2023 at 06:06:26AM +0000, John Kehayias wrote:
> I suppose I should have been more specific than "something bad" :) I
> merely meant this wasn't an actual security issue of losing control of
> a private key, but merely moving to a new one for other reasons.

The old key "expired" last summer. I had been faking the date for months
to work around that. I did not feel motivated to change the expiration
date or to remove the expiration date either :)

It was easier to make a new key.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 13 Jan 2024 12:24:09 GMT) Full text and rfc822 format available.
This bug report was last modified 1 year and 160 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.