diff options
| author | Joey Hess <joeyh@joeyh.name> | 2017-05-20 17:09:28 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2017-05-20 17:21:08 -0400 |
| commit | 73a310ce49c91f0884d05a8d2cd8c96c3c5447d3 (patch) | |
| tree | 1d7489b13e5ae950a849508857111966e538625e /doc/faq.mdwn | |
| parent | 34b0151e125a6698f57ea476ccfa922c6275edf1 (diff) | |
| download | debug-me-73a310ce49c91f0884d05a8d2cd8c96c3c5447d3.tar.gz | |
developer keyring verification
* gpg keyrings in /usr/share/debug-me/ will be checked
to see if a connecting person is a known developer of software
installed on the system, and so implicitly trusted already.
Software packages/projects can install keyrings to that location.
(Thanks to Sean Whitton for the idea.)
* make install will install /usr/share/debug-me/debug-me_developer.gpg,
which contains the key of Joey Hess. (stack and cabal installs don't
include this file because they typically don't install system-wide)
* debug-me.cabal: Added dependency on time.
This commit was sponsored by Francois Marier on Patreon.
Diffstat (limited to 'doc/faq.mdwn')
| -rw-r--r-- | doc/faq.mdwn | 40 |
1 files changed, 30 insertions, 10 deletions
diff --git a/doc/faq.mdwn b/doc/faq.mdwn index c9b46ea..6884ec0 100644 --- a/doc/faq.mdwn +++ b/doc/faq.mdwn @@ -6,20 +6,28 @@ #### Should I let John Doe connect to my debug-me session? I don't know that guy. -When a developer connects to your debug-me session, it will display -their GnuPG key, and the number of people who have signed it. It will -also list the names of some of those people (the best connected ones). - -If the developer of software you use is connecting to debug-me, -their software documentation might say what their GnuPG key is. Then you -can simply check that the GnuPG key ids match. +When a developer connects to your debug-me session, debug-me will display +their GnuPG key, and information about it, including +the number of people who have signed it. It will also list the names +of some of those people (the best connected ones). + +Suppose you're using Debian, and debug-me says "John Doe is a Debian +developer". Then it's probably safe to let this person connect, +because you already trust this guy implicitly, since you're using software +he develops. + +How does debug-me know that John Doe is a Debian developer? It's checked +that his gpg key is in the keyring at +`/usr/share/debug-me/keyring/a_Debian_developer.gpg`, which is provided by +Debian. Other software projects that are installed on your computer can +also put keyrings in that directory, and then debug-me will be able to +tell then a developer of a project is connecting. If debug-me says that "John Doe is probably a real person", it means that he's connected to the strong set of the GnuPG web of trust. Other people, who certianly are real, have verified his identity. -So even if you don't know his name, it can be safe to let him connect. - -But it's a gut call. If in doubt, don't let the developer connect. +So even if you don't know his name, it can be safe to let him connect, +but if in doubt, don't let him. If debug-me says "identity cannot be verified!", it means that the GnuPG key couldn't be downloaded at all, or the developer is not connected to the @@ -67,6 +75,18 @@ Here's a quick checklist: * Include your GnuPG key id in your project's documentation, so users will know which key is yours. It also helps to sign git tags, tarballs, git commits, etc with your key. +* Make your software package install a gpg keyring of its developers to + /usr/share/debug-me/keyring/. + + A file there named "a_Foo_developer.gpg" + will make debug-me tell the user that "Your Name is a Foo developer." + when you connect to their debug-me session, and so the user will be more + likely to trust you and let you connect. + + For example: + + gpg --export-options export-minimal --export C910D9222512E3C7 > a_Foo_developer.gpg + * When a user has a bug that you need more information to reproduce and understand, ask if they'll use debug-me. |