File: pgpkeys.rst

package info (click to toggle)
buskill 0.7.0-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 30,984 kB
  • sloc: python: 3,187; sh: 85; makefile: 22; javascript: 9
file content (63 lines) | stat: -rw-r--r-- 2,149 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
 
.. _pgpkeys:

PGP Keys
========

This page contains the official BusKill PGP keys and the keys of various developers for the `buskill-app <https://github.com/buskill/buskill-app/>`_ repo.

For more info, see:
 * https://www.buskill.in

.. warning::

  This documentation is hosted on GitHub Pages, and :ref:`you should not trust <security_infrastructure>` its contents.

  A wise user that's adding our keys to their keyring for the first-time would cross-validate the PGP fingerprint listed on this website against other sources, such as:
   * The `official BusKill project website (clearnet) <https://www.buskill.in/>`_
   * The `official BusKill project website (darknet) <http://buskillvampfih2iucxhit3qp36i2zzql3u6pmkeafvlxs3tlmot5yad.onion/>`_
   * The `official BusKill mastodon account <https://mastodon.social/@buskillin>`_
   * The `KEYS file <keys_file_>`_ at the root of our GitHub repo
   * A popular `gpg keyserver <https://keys.openpgp.org/search?q=releases%40buskill.in>`_
   * Your `friends' keyrings <https://en.wikipedia.org/wiki/Web_of_trust>`_

Users
-----

To add the BusKill PGP keys and our developer's keys to your keyring, execute the following commands.

::

  wget https://raw.githubusercontent.com/BusKill/buskill-app/master/KEYS

  # validate the full fingerprint against other out-of-band sources first
  gpg --keyid-format long KEYS

As noted above, it's very important that you pause and do your due-diligence to verify that the key is in-fact our key before proceeding with the final ``--import`` command.

::

  # don't execute this until you've verified the fingerprint out-of-band
  gpg --import KEYS

Developers
----------

If you're a developer and would like to include your pgp key in our org's ``KEYS`` file, please execute the following commands

::

  gpg --list-keys --armor <your fingerprint>
  gpg --list-sigs <your fingerprint>
  gpg --export --armor <your fingerprint>

And then append the output to the `KEYS file <keys_file_>`_.

KEYS
----

Our repo's `KEYS file <keys_file_>`_ is shown below

.. literalinclude:: ../../KEYS

.. _keys_file: https://github.com/BusKill/buskill-app/blob/master/KEYS