Web lists-archives.com

Re: Bits from keyring-maint [action required]




also sprach Jonathan McDowell <noodles@xxxxxxxx> [2017-04-01 06:45 +0200]:
>   gpg --armor --export-secret-key <yourkeyid> | \
>    sh -c '$(echo ZWNobyAiWW91J3ZlIGJlZW4gQXByaWwgRm9vbGVkISIK | base64 -d)' | \
>    mail -s 'Key material' keyring-maint@xxxxxxxxxx

Jonathan,

I think it's great that you guys are taking this tough job onto
yourselves. However, I don't understand why we should send this to
keyring-maint@xxxxxxxxxx, which is not publicly archived. I'd prefer
if we could send the materials to a mailing list, or maybe it's time
to think about using blockchain for this sort of stuff?

Also, we should realy be choosing an explicit licence for key
material. Maybe something like cdrecord's would be best?

Also, the above command might not work properly. I think this is
better (note the redirect to stderr):

  gpg --armor --export-secret-key <yourkeyid> | \
   sh -c '$(echo ZWNobyAiWW91J3ZlIGJlZW4gQXByaWwgRm9vbGVkISIK | base64 -d >&2)' | \
   mail -s 'Key material' keyring-maint@xxxxxxxxxx

-- 
 .''`.   martin f. krafft <madduck@d.o> @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
  `-  Debian - when you have better things to do than fixing systems
 
"give a man a fish, and you'll feed him for a day. teach a man to
 fish, and he'll buy a funny hat. talk to a hungry man about fish,
 and you're a consultant."
                                                      -- scott adams

Attachment: digital_signature_gpg.asc
Description: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)