[opensuse-security] Build Service key
Hello, I think the buildservice@opensuse.org key ( 0x6B9D6523) can be regarded a very important key. Thus, I wonder why is it not signed by the SUSE security team? It is signed by Marcus Meissner, which is fine, but shouldn´t such an important key be signed as well by the security team or at least by the openSUSE project signing key? IMHO that would grant a stronger chain of trust for that key..... -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
Hello, I like the idea. @Richard, what do you think? On 18.09.17 15:12, linux maillist wrote:
Hello,
I think the buildservice@opensuse.org key ( 0x6B9D6523) can be regarded a very important key. Thus, I wonder why is it not signed by the SUSE security team?
It is signed by Marcus Meissner, which is fine, but shouldn´t such an important key be signed as well by the security team or at least by the openSUSE project signing key?
IMHO that would grant a stronger chain of trust for that key.....
Viele Grüße / Best regards Thomas -- Thomas Biege <thomas@suse.de>, Team Lead MaintenanceSecurity, CSSLP https://www.suse.com/security SUSE Linux GmbH GF: Felix Imendörffer, Jane Smithard, Graham Norton HRB 21284 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
Hi, On Thu, Sep 21, 2017 at 05:55:15PM +0200, Thomas Biege wrote:
Hello,
I like the idea.
@Richard, what do you think?
On 18.09.17 15:12, linux maillist wrote:
Hello,
I think the buildservice@opensuse.org key ( 0x6B9D6523) can be regarded a very important key. Thus, I wonder why is it not signed by the SUSE security team?
It is signed by Marcus Meissner, which is fine, but shouldn´t such an important key be signed as well by the security team or at least by the openSUSE project signing key?
IMHO that would grant a stronger chain of trust for that key.....
I am regulary partaking in FOSDEM and other keysignings if you want to have close verification of my key and government issued ID. I have now also signed the 0x6B9D6523 key with the security@suse.com key, as I am member of the security team. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
Am 28.09.2017 um 22:11 schrieb Marcus Meissner:
(....) I am regulary partaking in FOSDEM and other keysignings if you want to have close verification of my key and government issued ID.
Oh, you have such a new German ID card with online signature stuff enabled? You can go to https://pgp.governikus-eid.de/pgp/ and use your ID card to get your PGP key(s) signed. Though, you need a Windows machine / VirtualBox to use your ID card......
I have now also signed the 0x6B9D6523 key with the security@suse.com key, as I am member of the security team.
Why does the security team have two keys? Is 0x317CD502 the successor to 0x3D25D3D9? Why did 0x3D25D3D9 need a successor? thanx Malte -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
Hi Malte, On Wed, Oct 04, 2017 at 02:33:45AM +0200, Malte Gell wrote:
Why does the security team have two keys?
We use only 0x317CD502, 0x3D25D3D9 is revoked.
Is 0x317CD502 the successor to 0x3D25D3D9?
Yes
Why did 0x3D25D3D9 need a successor?
We wanted to increase the key size. Johannes -- GPG Key E7C81FA0 EE16 6BCE AD56 E034 BFB3 3ADD 7BF7 29D5 E7C8 1FA0 Subkey fingerprint: 250F 43F5 F7CE 6F1E 9C59 4F95 BC27 DD9D 2CC4 FD66 SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton HRB 21284 (AG Nürnberg)
participants (5)
-
jsegitz@suse.com -
linux maillist -
Malte Gell
-
Marcus Meissner -
Thomas Biege