added notes about preparing a release.
[monkeysphere.git] / website / archive-key.mdwn
1 [[meta title="Monkeysphere archive signing key"]]
2 [[toc ]]
3
4 ## Verifying the key ##
5
6 The [Monkeysphere apt repository](/download) is signed by this key, so
7 you [can verify](http://wiki.debian.org/SecureApt) that the packages
8 come from the right place and have not been tampered with.
9
10 This key is certified by several of the Monkeysphere developers, and
11 should be able to be found from the public keyservers with:
12
13         $ gpg --recv-key EB8AF314
14         gpg: requesting key EB8AF314 from hkp server pool.sks-keyservers.net
15         gpg: key EB8AF314: public key "Monkeysphere Archive Signing Key (http://archive.monkeysphere.info/debian)" imported
16         gpg: no ultimately trusted keys found
17         gpg: Total number processed: 1
18         gpg:               imported: 1  (RSA: 1)
19         $
20
21 You should be able to verify the fingerprint like this:
22
23         $ gpg --list-key --fingerprint http://archive.monkeysphere.info/debian
24         pub   4096R/EB8AF314 2008-09-02 [expires: 2009-09-02]
25               Key fingerprint = 2E8D D26C 53F1 197D DF40  3E61 18E6 67F1 EB8A F314
26         uid       [  full  ] Monkeysphere Archive Signing Key (http://archive.monkeysphere.info/debian)
27         $ 
28
29 And you can also verify the fingerprints with:
30  
31         $ gpg --list-sigs http://archive.monkeysphere.info/debian
32
33 If you believe that the repository has been tampered with, please [let
34 us know](/community)!
35
36 If you have properly verified this key, you can add it to your apt
37 keyring for proper cryptographic verification of the archive and its
38 packages by doing the following:
39
40          $ gpg -a --export EB8AF314 | sudo apt-key add -
41          OK
42          $ aptitude update
43          ...
44
45 ## The key itself ##
46
47 <pre>
48 -----BEGIN PGP PUBLIC KEY BLOCK-----
49 Version: GnuPG v1.4.9 (GNU/Linux)
50
51 mQINBEi9Ws0BEADUROJtI2VsWGI6jklofbCDw6webGi0nJTnKYSSxDE5XSWu6GtK
52 PG4RiX/YGtL+kD8+z/pVAbjqdLNypqiK5VkTZp3cE+4Yv2jxySQJz/UMNZ2wO3U+
53 9NAK2rJG3p0HhiTzAurJ2KqNstcMcPmqEDtP+J2tUHoIXttGiwFpss4R2hSBMlg+
54 nNFc53FlTadF2z3LNNCozPf7wRST2Zqkeem84+Vo2X3zy7pGpSf9S/XEPW/ve0fs
55 daADK9I6fZiqtrsb3/M3E3rESsD2YA+/25QA+XVJgtenTlaYEMkI0ARpd44oBHp7
56 Oj0RbRZ0Wz6OYDiJl6D2YJ1nFRHhbx+tnCJvuqUUkv3HYD85mGWIow7ElX5fc4iT
57 RdYUE3ebImES0gsaasNl3JUjuImNbrqqjQsAaN7JV77TqR8GGRLcalZkvIgY5b4a
58 hRYY16rvUaqZ4aYpiZftvE0X07W+siYqGfCynOn0+iX80pKid8gATjrwGdQ6TBr7
59 +yrBkmFTJFCCi5TS8gaJPdMJzYs7C3ou9XOWJLuwmnwn9edaCSTJ1Vgq+8eKjDj8
60 NxER5vjtXdAJqCJm7d4eNgHYXTNqRPznJRsutVfkFwEIzGXvvhnnDC1PdnhBjBVI
61 1+TbdSz9qKq3VaCxr6HNk9CBF2S0El3YMRmy0Zlf6/AOo9XiW3fp3LL6AwARAQAB
62 tEpNb25rZXlzcGhlcmUgQXJjaGl2ZSBTaWduaW5nIEtleSAoaHR0cDovL2FyY2hp
63 dmUubW9ua2V5c3BoZXJlLmluZm8vZGViaWFuKYkCPAQTAQIAJgUCSL1azQIbAwUJ
64 AeEzgAYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEBjmZ/HrivMUFIYP/30NIcTO
65 EucC2S3YI+8UiedBfqM6iIJ9jS73avvfNdjv5MsfTeERXOGKgmE/JM2FwtIPgzOU
66 R7qEu0W4WG2kYN+pABzpoRijm9F2zwNzSrZdzinClhxKBZzhg9tylvXdVxrdfAVS
67 3XoQrAK5W/5zZBBmkW18bmlgu7hLY9jfYfwJH1/jhV40UtuWPW5kfBoZlrv9S4l2
68 WUA7drrWlyk+h4Q/ZxF6aQljyI9a1oXNfcgpGCorIBNlMlwjNaL4DWmH4j/kchLG
69 Vka35t3R5OjlRo8jsd12nc6gp0K3BdDTEd1AJQbqTS+sb+ocdeNpSUQoCn8XIg9V
70 ELV9XE0n2vmvG3i4CJuOyHOHuW5IqJ1k8W4e9fikpBOmOy7Jdec5johI9wtkRiYg
71 9i5vqM/wKSW14QCkLeQP/YtIK0o0J+FOj7FUTI+wM5AXGeva53McnzbiUnJPRFIR
72 du8vvdmvu1wuWb3AWLIysU0bsbSSGZ9g7cX2p/qdH1Hvi2Ji8sM020WHBFuvRXEJ
73 i8/RXiIxj0LR/DO8ihd/x1MTwfSTEZ6ecnywDv7Wtx19i5NRX5Ik72M75kzD29TW
74 7mTsgZbYWrHT3gHmL3pWxPKa8nsEC/HUlcCnIrOPiwNcNu7+4L1ikbJXDRwVLjWP
75 enmAs1srZ2+Pm2Gm1pM6uzl0qGR9J5GmdPf2iQIcBBABAgAGBQJIvVyrAAoJEMzS
76 7ZTSFznpYQ0P/iTg3IlgNiRAlYXcrmiKKbMLSgUekQl6O7eUowXS9vKEyzgcxr3e
77 DWARHsf01DrHJvkwdbaQPmq5mZcWxYaEdWY7VtCNHf11vnRV6ws7S3aiV3Hmf0II
78 GaGBJywhDw/hkz2gTM3V71whYm1tgPbw/ilVqJtt8jVL9qbGsXer8Yx0iLFSCfaj
79 SpgBo/1WlyxSm+i958ddSaQ+uTrAPgChYT7jseAIzF3UB95i00OkHaK30tb6SdWC
80 4hgptMAhU0lW9tKDviMtoKUQa7LiCa4RyQ9TJQcsjJBoFVskcLl9f6GNEP72bN0V
81 ly087Guvw8G8TdQcubteFYQDIxIc2atZkjEn3oCjtZgk8mdDlCjLQYgHV1/o+eWd
82 /mb9mCtKvwo14LeKIIIYP19Z7142X2c2txSY3u6eNNo3ImqcPJNOM2xFqLcdSeVr
83 S31RCBx16I7tJya0fwJJRC7qZWf7hrPdi7eqcecqyr26X5upV+Irjv5qYu/6HAGb
84 59W6n+8KTfMxEMaBQI6qZXxhaBr3HzEaSrz7jtkl+xxym2TGkbarXcm7e7MP66Hu
85 GD5UCC3svhAAxKXf4K/8v7WhwBpekF9mXtgpq72Du2JG9q+OAWhxzZXbZku+RY7T
86 a83wKc1TaPvzK2WZlhNGjcCYSUXcfQOSn5noVTUukW3DNEKP5BmwkvVdiEYEEBEC
87 AAYFAki9wXQACgkQ9n4qXRzy1ioXYwCgmzCV+o+Ai0gNx0pt9shofcjfJoAAoInV
88 mhn36lBeDh/E6cigrUlkdDGWiQIcBBABAgAGBQJIvdcSAAoJEO00zqvie6q8sB4Q
89 AKDLTKqtiONf4FkMCZFcMxQyiALcy76zTW9L2oK90zKRhKSt5RPnVmDVyiinBcRJ
90 h0lEkpxoqSrs+0XvASWC3RzWLEbW6XXsuHO1RXFsC3FNbe0HkHenirenFkitPMDX
91 Q5gHmCJ6yiq2ssuzXAG9vZ4HjkUINBgkeMASiTRC7o0we7jFSRzOTCs4WWdsavrx
92 7bhCadeC35ISldTSo6nOP3laPctPcLD83cJszzQyHr/LjF6KYr6n85NAwIt/oxHh
93 EUxmezx+lMwWHdr9TQzXzU8cxLSBZ+c+PuZ/NuHz9fOv87eaFDNEqKli9zhzh4eA
94 EMeiWKQXHYlmEUUWnZoea46jdjBrvHphogqlCjzMDHtg/pWOsYrGeXjjZ352SGN4
95 vyinkdxwUppGQATz55WyiWIzCY1Kt7lqaQHfAM1NgVdoCQ0stlulIO4LVepHRiAY
96 HO4EPeQO6pVGGHWCzJyEcMcaBsYGpr9DndSNd66O+Gyeq8QobKnvTH25kwVt/8t1
97 9nS+7NLwBrqXCISeDrOQYq5XeCdvpAuJy4CEN5muQWRdUPekE2dh7qcVUdROepq0
98 1wMemkmgTLlA0Md7ZdZqsllKhVQ7/HOFzshEaj/VcFrQshuIAjDZFN/OrGLX/NcL
99 tcaBmD9lZSQ3CyxnBUTeMdJCOLOK050jNvsEsM89FL+g
100 =bJWl
101 -----END PGP PUBLIC KEY BLOCK-----
102 </pre>
103
104 ## Management of the key ##
105
106 The archive signing key is currently under the control of [Daniel Kahn
107 Gillmor](http://cmrg.fifthhorseman.net/dkg), though the task of being
108 the archive maintainer may be taken over by a different developer in
109 the future.
110
111 In the event of a new archive maintainer, the entire archive will be
112 rebuilt from signed tags in [the monkeysphere git
113 repository](/community), rather than trying to re-verify the entire
114 old archive.
115
116 ## Maintaining the archive ##
117
118 To create a new archive including a single monkeysphere package from
119 tag `$TAG` on architecture `$ARCH`, do:
120
121         git clone git://git.monkeysphere.info/monkeysphere
122         cd monkeysphere
123         git tag -v "$TAG"
124         git checkout "$TAG"
125         debuild -uc -us
126         cd repo
127         reprepro -C monkeysphere include experimental "../$TAG_$ARCH.changes"
128
129 When you get a binary package built from a separate architecture
130 `$NEWARCH` that you want to include with the archive, do:
131
132         cd repo
133         reprepro -C monkeysphere includedeb experimental "../$TAG_$NEWARCH.deb"
134
135 To publish the archive, make sure you have access to
136 `archivemaster@george.riseup.net`, and then do:
137
138         cd repo
139         ./publish