[csw-maintainers] [policy] GPG Signing Key handling

Ben Walton bwalton at opencsw.org
Thu Feb 10 04:57:46 CET 2011


Excerpts from Philip Brown's message of Tue Feb 08 23:24:20 -0500 2011:

Hi Phil,

> I find it very odd that this voting issue be raised, without any
> mention of why it was even brought up.  (I'm not even sure why
> myself)

Well, I thought it was clear from the introduction.  We've been in
discussion with you about this and your point of view differs from
ours.

I've been considering how to bridge this gap and have even considered
that your point of view is possibly correct.  I'm not wholly convinced
of that, but the points you made are not without merit.

I also considered simply saying the equivalent of "my way or the
highway" but didn't think that was appropriate for several reasons all
of which are too obvious to mention.

During our conversation, you said on more than one occasion that this
issue is of the utmost importance to get right.  I agree with this.
Thus, as a group, we should decide how to do this.  It should not
happen based on your opinion, my opinion or that of the board as a
group.  Thus, I wrote the email last night to trigger this discussion
with all members.

Do you take issue with this decision being made by the full
membership?  If so, why?

> the release manager, and the backup release manager.  So it is
> already redundantly held.

Nothing slight against James, but as he's not a member, his holding
the key does not count as redundancy for the purpose of this
discussion.

> you also do not make any statement of justification why -any- board
> member position should hold a copy of the key, in addition to these
> positions.

As perhaps the most important record the community holds, it should be
the responsibility of the board to hold it and delegate its use in
signing catalogs.

> A question then should also be raised of whether "the board" is
> expected to hold a copy of *all* digital assets at all times.

This will be addressed in time.

I won't speak for Maciej and Ihsan here, but my own thought process is
that the gpg key is the most important element and therefore a logical
place to start.

> For example, the root password, and database master passwords, for
> every machine and service associated with opencsw. Currently, "the
> board" does not hold such things in a formal sense, and as far as I
> have heard, has no plans to do so as "a policy".

Database, mailing list and similar passwords are one thing.  Root
passwords are different.  I don't think that OpenCSW is going to tell
Baltic Online or Gore to hand over passwords to servers.  They are
lending us the use of considerable resources and they do grant root
access via sudo.  I personally don't think it is our right to ask for
the root password to those machines.

> I have pointed this out to the board, and asked for an explanation
> of why they think the signing key should be treated any differently
> than these other secure assets.  I have received no reply to that.

No, you didn't get a reply.  I apologize for that.

> For my own personal opinion, I think that IF the membership deems it
> appropriate that a board member always have a copy of the key, then
> the treasurer seems like the appropriate position.

I argue that the gpg key is equivalent to the royal signet.  It is
used to authenticate the validity of various documents.  The secretary
is the one charged with documents and their official status.  Thus, if
I had to choose a single board position to hold the key, my vote would
be for the secretary.

For redundancy purposes, I think that two or more positions should
hold the key.  In this scenario, my vote would be for treasurer and
secretary.

As the vote will allow selecting all or none of the positions, you'll
be able to vote for whatever configuration you feel is appropriate.
Please vote based on positions, though, not people.

Thanks
-Ben
--
Ben Walton
Systems Programmer - CHASS
University of Toronto
C:416.407.5610 | W:416.978.4302


