Re: [PULL 00/26] Migration 20240104 patches

[Peter Maydell]

On Mon, 8 Jan 2024 at 02:35, Peter Xu <peterx@redhat.com> wrote:
>
> On Mon, Jan 08, 2024 at 10:10:24AM +0800, Peter Xu wrote:
> > On Sun, Jan 07, 2024 at 11:28:25AM -0500, Stefan Hajnoczi wrote:
> > > On Sun, 7 Jan 2024 at 10:23, Peter Maydell <peter.maydell@linaro.org> 
> > > wrote:
> > > >
> > > > On Sun, 7 Jan 2024 at 12:41, Stefan Hajnoczi <stefanha@gmail.com> wrote:
> > > > >
> > > > > On Sun, 7 Jan 2024 at 07:34, Peter Xu <peterx@redhat.com> wrote:
> > > > > >
> > > > > > On Fri, Jan 05, 2024 at 04:08:40PM +0000, Peter Maydell wrote:
> > > > > > > I notice that your gpg key doesn't seem to be signed by anybody
> > > > > > > else; you might look at whether it's easy to get it signed
> > > > > > > by somebody else (eg some of your redhat colleagues).
> > > > > >
> > > > > > Hmm, I think I have signed with at least Juan and Stefan.  Which is 
> > > > > > the key
> > > > > > server we normally use?  Maybe I missed some steps there?
> > > > >
> > > > > Yes, Peter's key is signed by me:
> > > > >
> > > > > $ gpg --list-signatures 3B5FCCCDF3ABD706
> > > > > pub   ed25519/0x3B5FCCCDF3ABD706 2023-10-03 [SC]
> > > > >       Key fingerprint = B918 4DC2 0CC4 57DA CF7D  D1A9 3B5F CCCD F3AB 
> > > > > D706
> > > > > uid                   [  full  ] Peter Xu <xzpeter@gmail.com>
> > > > > sig 3        0x3B5FCCCDF3ABD706 2023-10-03  [self-signature]
> > > > > sig          0x9CA4ABB381AB73C8 2023-10-10  Stefan Hajnoczi
> > > > > <stefanha@redhat.com>
> > > > > uid                   [  full  ] Peter Xu <peterx@redhat.com>
> > > > > sig 3        0x3B5FCCCDF3ABD706 2023-10-03  [self-signature]
> > > > > sig          0x9CA4ABB381AB73C8 2023-10-10  Stefan Hajnoczi
> > > > > <stefanha@redhat.com>
> > > > > sub   cv25519/0xD5261EB1CB0C6E45 2023-10-03 [E]
> > > > > sig          0x3B5FCCCDF3ABD706 2023-10-03  [self-signature]
> > > > >
> > > > > I have pushed to the keyservers again in case I forget.
> > > >
> > > > Thanks. Which keyservers did you use? I think these days the
> > > > keyserver infrastructure is unfortunately fragmented; I
> > > > probably didn't try refreshing from the right keyserver.
> > >
> > > I ran gpg --send-key again and it said hkps://keyserver.ubuntu.com.
> >
> > Thanks Stefan.  Indeed I can only see Stefan's sig there on the key server:
> >
> > https://keyserver.ubuntu.com/pks/lookup?search=3b5fcccdf3abd706&fingerprint=on&op=index
> >
> > I am guessing Juan forgot to do a "gpg --send-keys 3B5FCCCDF3ABD706". I'll
> > also try to ask maybe one or two more people to exchange keys.  Maybe
> > that'll also help.
>
> Besides that, just now I also tried to do a remote --recv-keys on my own
> key and I found that indeed the signature from Stefan was not attached.
>
> Then I found this:
>
> https://daniel-lange.com/archives/178-Getting-gpg-to-import-signatures-again.html
>
> So it seems the default behavior of gpg command changed recently that it'll
> stop to receive signatures besides the self signature to avoid DoS to the
> keyservers.
>
> https://dev.gnupg.org/rG23c978640812d123eaffd4108744bdfcf48f7c93
>
> In short, now we seem to need:
>
>   $ gpg --recv-keys --keyserver-option no-self-sigs-only $KEY_ID
>
> To recover the old behavior to receive signs from others.

Ah, thank you. Yes, that did the trick and I now can see the
signatures on your key from other people.

-- PMM