[tor-bugs] #29671 [Internal Services/Tor Sysadmin Team]: evaluate possible options for OpenPGP keyring maintenance

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Mar 6 22:52:03 UTC 2019


#29671: evaluate possible options for OpenPGP keyring maintenance
---------------------+-----------------------------------------------------
 Reporter:  anarcat  |          Owner:  tpa
     Type:  task     |         Status:  assigned
 Priority:  Low      |      Component:  Internal Services/Tor Sysadmin Team
  Version:           |       Severity:  Normal
 Keywords:           |  Actual Points:
Parent ID:           |         Points:
 Reviewer:           |        Sponsor:
---------------------+-----------------------------------------------------
 Many tickets here are about maintaining the various keyrings required for
 daily operations at Tor. A few examples include new keys, expiration
 updates and so on: #27748 , #27748, #27726, #27600, #28891, #28150,
 #28138, #29455... but there are literally hundreds of such tickets.

 Those keys currently get stored in LDAP and require a TPA to make changes.

 Then there's also stuff like the [https://www.torproject.org/docs/signing-
 keys.html.en torbrowser signing keys] which are ''not'' stored in LDAP
 (#28306), creating ''another'' source of truth for keys.

 All of this makes key maintenance and discovery difficult. Investigate
 possible alternatives, including Debian packages (like the one used by
 debian-archive-keyring), a private keyserver,
 [https://github.com/firstlookmedia/gpgsync gpgsync],
 [https://monkeysphere.info/ monkeysphere], or a flock of unicorn. ;)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29671>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list