[newmaint-site] Bug#795989: nm.debian.org: implement tracking per-key signed agreements in the site

Enrico Zini enrico at debian.org
Tue Aug 18 13:39:27 UTC 2015


Package: nm.debian.org
Severity: wishlist

Hello,

we currently spend considerable effort looking in the mailboxes for
signed SC+DMUP agreements. This can be automated by introducing the
concept of "verified key fingerprints", where a user can paste a signed
agreement into the site, and the site checks the signature and the text
and marks the fingerprint as verified.

This would both automate some more of the procedure, and allow carrying
over the verification from the DM process to the DD process if the key
does not change. It would also implement one step for applying as a DM
via nm.debian.org.

Possible implementation steps are:

 - Create a new Fingerprint model, with a ForeignKey to Person.
 - The Fingerprint model has a boolean value for "verified".
 - The Fingerprint model also has a boolean value for "removed", to mark
   keys that have been revoked or are not used anymore. There can be
   only one non-removed key for each Person.

In the site, fingerprints are shown differently if they are validated or
not. The owner of the fingerprint can click on a non-validated
fingerprint to validate it.

The validation page generates a string to be signed verbatim, along the
lines of "Today is YYYY-MM-DD and My name is $NAME. I have read and I
agree to uphold the Debian Social Contract and the Debian Free Software
Guidelines in my Debian work. I have also read the Debian Machine Usage
Policy, and I accept them."
It can even be presented as a shell snippet to be copy-pasted and
executed.

The resulting clearsigned message can be copy-pasted into a web form and
submitted. Upon submission, the site can check the signature, check that
the contents of the text have not been altered, and mark the key as
verified.


Enrico

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.1.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
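
The submission check described in the message above, sketched as an added example; it is not part of the original report and not nm.debian.org code. It compares the text that gpg itself reports as signed, rather than text re-parsed from the pasted armor, and matches the primary key fingerprint from gpg's VALIDSIG status line. All function names are hypothetical, the statement wording is the indicative one from the message, and the use of `gpg --decrypt` to obtain the signed text is an assumption of this sketch.

```python
import subprocess
from datetime import date

# Wording taken from the message above, which offers it only as "along the lines of".
TEMPLATE = ("Today is {day} and My name is {name}. I have read and I agree to "
            "uphold the Debian Social Contract and the Debian Free Software "
            "Guidelines in my Debian work. I have also read the Debian Machine "
            "Usage Policy, and I accept them.")

def statement(name, day):
    """Text the validation page asks the user to sign verbatim."""
    return TEMPLATE.format(day=day.isoformat(), name=name)

def normalise(text):
    # Cleartext signatures do not cover trailing spaces/tabs or the line-ending style.
    lines = [line.rstrip(" \t") for line in text.splitlines()]
    while lines and not lines[-1]:
        lines.pop()
    return "\n".join(lines)

def primary_fingerprints(status):
    """Primary-key fingerprints from the VALIDSIG lines of gpg --status-fd output."""
    found = []
    for line in status.splitlines():
        parts = line.split()
        if parts[:2] == ["[GNUPG:]", "VALIDSIG"] and len(parts) >= 3:
            # The last field is the primary key fingerprint when gpg reports it.
            found.append((parts[11] if len(parts) >= 12 else parts[2]).upper())
    return found

def agreement_ok(status, signed_text, expected_text, person_fpr):
    """True only if exactly one valid signature, by person_fpr, covers expected_text."""
    wanted = person_fpr.replace(" ", "").upper()
    return (primary_fingerprints(status) == [wanted]
            and normalise(signed_text) == normalise(expected_text))

def run_gpg(clearsigned, homedir):
    """Return (status, signed_text) as reported by gpg itself (needs gpg installed)."""
    proc = subprocess.run(
        ["gpg", "--homedir", homedir, "--batch", "--status-fd", "2", "--decrypt"],
        input=clearsigned.encode(), capture_output=True)
    return proc.stderr.decode(errors="replace"), proc.stdout.decode(errors="replace")
```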


