On Tue, 8 Jun 2004 20:51:58 +0300 (EEST), Nikodemus Siivola tsiivola@cc.hut.fi said:
Nikodemus> You're receiving this email because your common-lisp.net home directory Nikodemus> contains no pubkey.asc, but does hold .ssh/authorized_keys.
Nikodemus> Please verify that you have access, and put you GPG public key in your Nikodemus> home directory as pubkey.asc. You can get GPG to export it with the Nikodemus> command "gpg --armor --export <name>".
Nikodemus> If you have any questions, please send mail to admin@common-lisp.net.
Hi there,
Sorry, I'm not sure what I'm supposed to do here. Is this public key related to the ~/.ssh/id_dsa.pub file that was generated by ssh-keygen? I don't have gpg on the Mac where I ran this.
On Wed, 9 Jun 2004, Martin Simmons wrote:
Sorry, I'm not sure what I'm supposed to do here. Is this public key related to the ~/.ssh/id_dsa.pub file that was generated by ssh-keygen? I don't have gpg on the Mac where I ran this.
Apologies, I should have been clearer in the original message.
We treat developer GPG public keys as an opaque identities: if we need to confirm that the person we're dealing with tomorrow is the same one that originally got the account, or eg. in order to send out a passwords encrypted. After the recent attack we're tightening up our procedures on this front as well.
The pubkey.asc is entirely a GPG affair, unrelated to SSH. As long as nothing untowards happens the matter of your GPG public key is not urgent.
If/when you have the occasion, installing GPG and uploading the public key to your home directory would be a good insurance. If you have GPG installed on some other computer you can of course export the key from there as well -- the GPG keys are personal, not per computer like SSH keys.
Cheers,
-- Nikodemus "Not as clumsy or random as a C++ or Java. An elegant weapon for a more civilized time."
On Wed, 9 Jun 2004 18:17:56 +0300 (EEST), Nikodemus Siivola tsiivola@cc.hut.fi said:
Nikodemus> On Wed, 9 Jun 2004, Martin Simmons wrote:
Sorry, I'm not sure what I'm supposed to do here. Is this public key related to the ~/.ssh/id_dsa.pub file that was generated by ssh-keygen? I don't have gpg on the Mac where I ran this.
Nikodemus> Apologies, I should have been clearer in the original message.
Nikodemus> We treat developer GPG public keys as an opaque identities: if we need to Nikodemus> confirm that the person we're dealing with tomorrow is the same one that Nikodemus> originally got the account, or eg. in order to send out a passwords Nikodemus> encrypted. After the recent attack we're tightening up our procedures on Nikodemus> this front as well.
Nikodemus> The pubkey.asc is entirely a GPG affair, unrelated to SSH. As long as Nikodemus> nothing untowards happens the matter of your GPG public key is not urgent.
Nikodemus> If/when you have the occasion, installing GPG and uploading the public key Nikodemus> to your home directory would be a good insurance. If you have GPG Nikodemus> installed on some other computer you can of course export the key from Nikodemus> there as well -- the GPG keys are personal, not per computer like SSH Nikodemus> keys.
Thanks, I suspected they were different things. I'll do this soon.
__Martin
-
Martin Simmons -
Nikodemus Siivola