summaryrefslogtreecommitdiff
path: root/templates
diff options
context:
space:
mode:
authorDan McGee <dan@archlinux.org>2012-03-29 11:37:07 -0500
committerDan McGee <dan@archlinux.org>2012-03-29 11:37:07 -0500
commitef88f3d5ef696b71a65a81f143b13ae27175a1c5 (patch)
tree6e72a4655d2bcf7ea0699807837ce7a9f82f74c7 /templates
parent5555ce02278defaef0ef1388c163701eea3aff7e (diff)
Add developer status table to master keys page
This shows the cross-product of each master key with each developer key so you can see who has been signed, where signatures are missing, etc. Signed-off-by: Dan McGee <dan@archlinux.org>
Diffstat (limited to 'templates')
-rw-r--r--templates/public/keys.html56
1 files changed, 47 insertions, 9 deletions
diff --git a/templates/public/keys.html b/templates/public/keys.html
index 6b06cc32..a7c91c43 100644
--- a/templates/public/keys.html
+++ b/templates/public/keys.html
@@ -15,15 +15,6 @@
<p>The {{ keys|length }} key{{ keys|pluralize }} listed below should be
regarded as the current set of master keys. They are available on public
keyservers and should be signed by the owner of the key.</p>
- <p>All official Arch Linux developers and trusted users should have their
- key signed by at least three of these master keys. This is in accordance
- with the PGP <em>web of trust</em> concept. If a user is willing to
- marginally trust all of the master keys, three signatures from different
- master keys will consider a given developer's key as valid. For more
- information on trust, please consult the
- <a href="http://www.gnupg.org/gph/en/manual.html">GNU Privacy Handbook</a>
- and <a href="http://www.gnupg.org/gph/en/manual.html#AEN385">Using trust to
- validate keys</a>.</p>
<table class="pretty2">
<thead>
@@ -55,5 +46,52 @@
{% endfor %}
</tbody>
</table>
+
+ <p>The following table shows all active developers and trusted users along
+ with the status of their personal signing key. A 'Yes' indicates that the
+ personal key of the developer is signed by the given master key. A 'No'
+ indicates it has not been signed; however, this does not necessarily mean
+ the key should not be trusted.</p>
+ <p>All official Arch Linux developers and trusted users should have their
+ key signed by at least three master keys if they are responsible for
+ packaging software in the repositories. This is in accordance with the PGP
+ <em>web of trust</em> concept. If a user is willing to marginally trust all
+ of the master keys, three signatures from different master keys will
+ consider a given developer's key as valid. For more information on trust,
+ please consult the
+ <a href="http://www.gnupg.org/gph/en/manual.html">GNU Privacy Handbook</a>
+ and <a href="http://www.gnupg.org/gph/en/manual.html#AEN385">Using trust to
+ validate keys</a>.</p>
+
+ <table class="pretty2" id="key-status">
+ <thead>
+ <tr>
+ <th></th>
+ <th>PGP Key</th>
+ {% for key in keys %}
+ <th>{{ key.owner.get_full_name }}</th>
+ {% endfor %}
+ </tr>
+ <tr>
+ <th></th>
+ <th></th>
+ {% for key in keys %}
+ <th>{% pgp_key_link key.pgp_key %}</th>
+ {% endfor %}
+ </tr>
+ </thead>
+ <tbody>
+ {% for user in active_users %}
+ <tr>
+ <th>{{ user.get_full_name }}</th>
+ <td>{% pgp_key_link user.userprofile.pgp_key %}</td>
+ {% spaceless %}{% for key in keys %}
+ {% signature_exists signatures key.pgp_key user.userprofile.pgp_key as signed %}
+ <td class="signed-{{ signed|yesno }}">{{ signed|yesno|capfirst }}</td>
+ {% endfor %}{% endspaceless %}
+ </tr>
+ {% endfor %}
+ </tbody>
+ </table>
</div>
{% endblock %}