Add WKD with the Typelevel release PGP key #486

Merged
merged 2 commits into from
Jan 26, 2024

rossabaker
Member

  1. Sets up a Web Key Directory, so the public release key (14CA 4AC4 FDB0 0D5F 827A BC0C 5986 48A6 5DF6 4506) can be found via --locate-keys.
  2. Contains a DNS identity claim to mutually link it with typelevel.org. The TXT record already exists.

@rossabaker
Member Author

The alternative here is to set up an openpgp subdomain and do the "advanced" implementation, whose directory structure looks like the first commit. That "site" could conceivably be built from public key(s) as the source.

@samspills
Contributor

> The alternative here is to set up an openpgp subdomain and do the "advanced" implementation, whose directory structure looks like the first commit. That "site" could conceivably be built from public key(s) as the source.

The "advanced" method will automate if the public key changes (I think this is what you mean by "built from the public key(s)"?), vs this "direct" method where we would manually have to update the file structure for a new public key; assuming I am understanding the differences, I think the direct method is good for us. Thanks for doing this Ross!

@rossabaker
Member Author

Advanced is a little easier to automate in an action because:

  • gpg-wks-client generates that directory structure.
  • It's its own thing and doesn't need to be integrated into Jekyll.
  • It's basically (DomainName, Set[PublicKey]) => IO[Victory]. [1]

Direct could be automated by removing an intermediate directory (the oops I fixed in eda22b3) and by not screwing up the rest of Jekyll.

Clients are advised to consult Advanced first, and fall back to Direct.

Footnotes

  1. Why, yes, I do already have a generic Nix derivation that does this, I'm glad you asked.
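
The two layouts compared in this thread, as an added example that is not part of the PR or of the Typelevel site: it derives the WKD file paths and lookup URLs for the Advanced and Direct methods from an address. The address used in the usage line is the WKD draft's example, not the release key's; the function names are hypothetical.

```python
import hashlib
from urllib.parse import quote

ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet


def zbase32(data: bytes) -> str:
    """Encode bytes as z-base-32: 5 bits per character, most significant first."""
    bits = len(data) * 8
    pad = (-bits) % 5  # zero-pad the tail up to a 5-bit boundary
    n = int.from_bytes(data, "big") << pad
    return "".join(ZBASE32[(n >> s) & 31] for s in range(bits + pad - 5, -1, -5))


def wkd_hash(local_part: str) -> str:
    """SHA-1 of the local part with ASCII letters lowercased, z-base-32 encoded."""
    # bytes.lower() only touches ASCII, which is what WKD asks for.
    return zbase32(hashlib.sha1(local_part.encode("utf-8").lower()).digest())


def wkd_layout(address: str) -> dict:
    """Files a static site must serve, and the URL a client fetches, per method."""
    local, _, domain = address.rpartition("@")
    if not local or not domain:
        raise ValueError(f"not an addr-spec: {address!r}")
    domain = domain.lower()
    name = wkd_hash(local)
    query = "?l=" + quote(local, safe="")  # original-case local part as a hint
    layout = {}
    # Advanced lives on the openpgpkey subdomain and has an extra <domain>
    # directory; Direct lives on the domain itself without it.
    for method, host, root in (
        ("advanced", f"openpgpkey.{domain}", f".well-known/openpgpkey/{domain}"),
        ("direct", domain, ".well-known/openpgpkey"),
    ):
        layout[method] = {
            "files": [f"{root}/policy", f"{root}/hu/{name}"],
            "url": f"https://{host}/{root}/hu/{name}{query}",
        }
    return layout


def lookup_urls(address: str) -> list:
    """URLs in the order a client tries them: Advanced first, then Direct."""
    layout = wkd_layout(address)
    return [layout["advanced"]["url"], layout["direct"]["url"]]


if __name__ == "__main__":
    for url in lookup_urls("Joe.Doe@Example.ORG"):  # constructed sample input
        print(url)
```

The `policy` file must exist next to `hu/` in either layout, even if it is empty.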

@rossabaker
Member Author

I'm going to merge this to get something working, and we can debate Advanced and automation when we have to update it before it expires again in July.

@rossabaker rossabaker merged commit 7ae6290 into development Jan 26, 2024
3 checks passed
@rossabaker
Member Author

rossabaker commented Jan 26, 2024

Follow-up: this passes all four direct WKD tests and successfully verifies the domain with Ariadne.

GitHub verification would be neat, but requires a gist, which orgs can't do. Mastodon and OpenCollective are possible, but really have nothing to do with this key.
