The committer's handbook suggests using some specific options for GnuPG to generate a key (see https://docs.freebsd.org/en/articles/committers-guide/#pgpkeys).

These options should be reviewed and possibly updated, because they have some issues:

* some of them are defaults (fixed-list-mode, verify-options show-uid-validity, list-options show-uid-validity, at least as far as I can tell);
* some of them only impact the output of gpg, so may not be needed, and at the very least should be put next to each other, not mixed with others that impact key preferences (all the above);
* some are a bit obsolete (default-prefs does not include anything for AEAD, nor any Camellia algorithm);
* some are a bit dangerous (cert-digest-algo SHA512 may break the OpenPGP protocol and its use is discouraged in the GnuPG docs);
* some are very weird (what is issuer-fpr@notations.openpgp.fifthhorseman.net?);
* none are commented, nor is there a link to the GnuPG doc (https://www.gnupg.org/documentation/manuals/gnupg/GPG-Options.html).
Created attachment 232093
potential patch

Potential patch attached, that

* removes default, obsolete, potentially dangerous, and weird options;
* adds a comment for each leftover option;
* specifies that these are only minimal defaults for signing and key creation, and links to the GnuPG docs.
It seems we also need to update the example and the checkkey.sh script to keep everything in line with the current standards.

$ gpg --full-gen-key (devel)
gpg (GnuPG) 2.3.3; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (9) ECC (sign and encrypt) *default*
  (10) ECC (sign only)
  (14) Existing key from card
Your selection?
Please select which elliptic curve you want:
   (1) Curve 25519 *default*
   (4) NIST P-384
   (6) Brainpool P-256
Your selection?
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 3y
Key expires at Thu Feb 27 11:23:05 2025 -03
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: Example Name
Email address: examplegpg@example.com
Comment:
You selected this USER-ID:
    "Example Name <examplegpg@example.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o

$ ./checkkey.sh examplegpg@example.com
WARNING: Multiple keys found for <examplegpg@example.com>; checking all.
WARNING: If this is not what you want, specify a key ID on the command line.
key 058D86854BCA9F3E: *UNKNOWN*, 802551913614111591151 bits
** problems found: non-preferred algorithm
** key 058D86854BCA9F3E should not be used!
One could even go one step further and wonder whether we should start allowing SSH signatures (see, e.g., https://www.agwa.name/blog/post/ssh_signatures), also on commits, but that seems a much wider discussion.
Recent versions of GnuPG do a much better job about sensible defaults than historical ones. I don't think there's a good reason to interfere with most of the defaults anymore. I agree that most of the overrides we document actually do more harm than good. The sig-notation is potentially worth keeping ... but does anyone really use certification subkeys? It's a little strange as a default. And having it in someone's personal namespace does look odd. I think we should also accept the GnuPG default for personal-digest-preferences. I see no reason to override this.
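The objections raised in the report and in the reply above can be turned into a check over an existing gpg.conf. The script below is an added example, not part of the thread, the attached patch, or the handbook. It assumes that the report's "default-prefs" means GnuPG's default-preference-list option, uses the commenters' own wording as category labels, and runs on a constructed sample file; the function names audit_gpg_conf and sample_conf are hypothetical.

```shell
#!/bin/sh
# Added example: flag the gpg.conf options questioned in the thread above.
# Category labels are the commenters' own wording, not a GnuPG verdict.

audit_gpg_conf() {
    # Args: gpg.conf path(s), or stdin when none. Output: "line:category:option".
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        opt = $1; sub(/^--/, "", opt)        # tolerate a leading "--"
        tag = ""
        if (opt == "fixed-list-mode")
            tag = "default"
        else if ((opt == "verify-options" || opt == "list-options") &&
                 $2 == "show-uid-validity")
            tag = "default"
        else if (opt == "default-preference-list" &&
                 toupper($0) !~ /CAMELLIA/)
            tag = "obsolete"                 # only the Camellia half is checked
        else if (opt == "cert-digest-algo")
            tag = "dangerous"
        else if (opt == "sig-notation")
            tag = "weird"
        else if (opt == "personal-digest-preferences")
            tag = "override"                 # reply: accept the GnuPG default
        if (tag != "") printf "%d:%s:%s\n", FNR, tag, opt
    }' "$@"
}

sample_conf() {
    # Constructed sample input, not the handbook text.
    cat <<'EOF'
# sample gpg.conf
fixed-list-mode
keyid-format 0xlong
personal-digest-preferences SHA512 SHA384 SHA256
default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
verify-options show-uid-validity
list-options show-uid-validity
sig-notation issuer-fpr@notations.openpgp.fifthhorseman.net=%g
cert-digest-algo SHA512
EOF
}

# With a path argument, audit that file; otherwise audit the sample.
if [ "$#" -gt 0 ]; then audit_gpg_conf "$@"; else sample_conf | audit_gpg_conf; fi
```

Each output line gives the line number, the category, and the option, so the findings can be compared directly against the file being reviewed.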
(In reply to Philip Paeps from comment #4)

Hi Philip, I agree. I'm still very puzzled by the sig-notation: who is "issuer-fpr@notations.openpgp.fifthhorseman.net"? Is one supposed to use one's own address there? Why do you think it is useful? I can update the patch to just remove any option, or you can just go ahead and remove this part.
I'll take this; I have discussed it with philip@ by email.
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/doc/commit/?id=5ffcb5c257b63b96356f85b9f93d4623f4f11757

commit 5ffcb5c257b63b96356f85b9f93d4623f4f11757
Author:     Matteo Riondato <matteo@FreeBSD.org>
AuthorDate: 2023-09-07 17:41:00 +0000
Commit:     Sergio Carlavilla Delgado <carlavilla@FreeBSD.org>
CommitDate: 2023-09-07 17:41:00 +0000

    Committer's guide: Review gpg.conf options

    Discussed by email with philip@
    Changed the original patch to add the 'link' macro

    PR: 262174

 .../content/en/articles/committers-guide/_index.adoc | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)
Done. Thanks for the patch!