diff options
| author | Dan McGee <dan@archlinux.org> | 2012-03-29 11:37:07 -0500 |
|---|---|---|
| committer | Dan McGee <dan@archlinux.org> | 2012-03-29 11:37:07 -0500 |
| commit | ef88f3d5ef696b71a65a81f143b13ae27175a1c5 (patch) | |
| tree | 6e72a4655d2bcf7ea0699807837ce7a9f82f74c7 /templates/public | |
| parent | 5555ce02278defaef0ef1388c163701eea3aff7e (diff) | |
Add developer status table to master keys page
This shows the cross-product of each master key with each developer key
so you can see who has been signed, where signatures are missing, etc.
Signed-off-by: Dan McGee <dan@archlinux.org>
Diffstat (limited to 'templates/public')
| -rw-r--r-- | templates/public/keys.html | 56 |
1 files changed, 47 insertions, 9 deletions
diff --git a/templates/public/keys.html b/templates/public/keys.html index 6b06cc32..a7c91c43 100644 --- a/templates/public/keys.html +++ b/templates/public/keys.html @@ -15,15 +15,6 @@ <p>The {{ keys|length }} key{{ keys|pluralize }} listed below should be regarded as the current set of master keys. They are available on public keyservers and should be signed by the owner of the key.</p> - <p>All official Arch Linux developers and trusted users should have their - key signed by at least three of these master keys. This is in accordance - with the PGP <em>web of trust</em> concept. If a user is willing to - marginally trust all of the master keys, three signatures from different - master keys will consider a given developer's key as valid. For more - information on trust, please consult the - <a href="http://www.gnupg.org/gph/en/manual.html">GNU Privacy Handbook</a> - and <a href="http://www.gnupg.org/gph/en/manual.html#AEN385">Using trust to - validate keys</a>.</p> <table class="pretty2"> <thead> @@ -55,5 +46,52 @@ {% endfor %} </tbody> </table> + + <p>The following table shows all active developers and trusted users along + with the status of their personal signing key. A 'Yes' indicates that the + personal key of the developer is signed by the given master key. A 'No' + indicates it has not been signed; however, this does not necessarily mean + the key should not be trusted.</p> + <p>All official Arch Linux developers and trusted users should have their + key signed by at least three master keys if they are responsible for + packaging software in the repositories. This is in accordance with the PGP + <em>web of trust</em> concept. If a user is willing to marginally trust all + of the master keys, three signatures from different master keys will + consider a given developer's key as valid. For more information on trust, + please consult the + <a href="http://www.gnupg.org/gph/en/manual.html">GNU Privacy Handbook</a> + and <a href="http://www.gnupg.org/gph/en/manual.html#AEN385">Using trust to + validate keys</a>.</p> + + <table class="pretty2" id="key-status"> + <thead> + <tr> + <th></th> + <th>PGP Key</th> + {% for key in keys %} + <th>{{ key.owner.get_full_name }}</th> + {% endfor %} + </tr> + <tr> + <th></th> + <th></th> + {% for key in keys %} + <th>{% pgp_key_link key.pgp_key %}</th> + {% endfor %} + </tr> + </thead> + <tbody> + {% for user in active_users %} + <tr> + <th>{{ user.get_full_name }}</th> + <td>{% pgp_key_link user.userprofile.pgp_key %}</td> + {% spaceless %}{% for key in keys %} + {% signature_exists signatures key.pgp_key user.userprofile.pgp_key as signed %} + <td class="signed-{{ signed|yesno }}">{{ signed|yesno|capfirst }}</td> + {% endfor %}{% endspaceless %} + </tr> + {% endfor %} + </tbody> + </table> </div> {% endblock %} |