summaryrefslogtreecommitdiff
path: root/templates/public/keys.html
blob: f15ec1a9508744051a274f59f1f3264b2c3001f4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
{% extends "base.html" %}
{% load static from staticfiles %}
{% load pgp %}

{% block title %}{{ BRANDING_DISTRONAME }} - Master Signing Keys{% endblock %}

{% block content %}
<div id="signing-keys" class="box">
    <h2>Master Signing Keys</h2>

    <p>This page lists the {{ BRANDING_DISTORNAME }} Master Keys. This is a distributed set of
    keys that are seen as "official" signing keys of the distribution. Each key
    is held by a different developer, and a revocation certificate for the key
    is held by a different developer. Thus, no one developer has absolute hold
    on any sort of absolute, root trust.</p>
    <p>The {{ keys|length }} key{{ keys|pluralize }} listed below should be
    regarded as the current set of master keys. They are available on public
    keyservers and should be signed by the owner of the key.</p>

    <table class="pretty2">
        <thead>
            <tr>
                <th>Master Key</th>
                <th>Full Fingerprint</th>
                <th>Owner</th>
                <th>Owner's Signing Key</th>
                <th>Revoker</th>
                <th>Revoker's Signing Key</th>
                <th>Developer/TU Keys Signed</th>
            </tr>
        </thead>
        <tbody>
            {% for key in keys %}
            <tr>
                <td>{% pgp_key_link key.pgp_key %}</td>
                <td><tt>{{ key.pgp_key|pgp_fingerprint }}</tt></td>
                {% with key.owner.userprofile as owner_profile %}
                <td><a href="{{ owner_profile.get_absolute_url }}">{{ key.owner.get_full_name }}</a></td>
                <td>{% pgp_key_link owner_profile.pgp_key %}</td>
                {% endwith %}
                {% with key.revoker.userprofile as revoker_profile %}
                <td><a href="{{ revoker_profile.get_absolute_url }}">{{ key.revoker.get_full_name }}</a></td>
                <td>{% pgp_key_link revoker_profile.pgp_key %}</td>
                {% endwith %}
                <td>{{ key.signature_count }}</td>
            </tr>
            {% endfor %}
        </tbody>
    </table>

    <ul>
        <li><a href="#master-sigs">Master Key Signatures</a></li>
        <li><a href="#visualization">Visualization of PGP Master and Developer Keys</a></li>
        <li><a href="#cross-sigs">Developer Cross-Signatures</a></li>
    </ul>
</div>

<div class="box">
    <h2 id="master-sigs">Master Key Signatures</h2>

    <p>The following table shows all active developers and trusted users along
    with the status of their personal signing key. A 'Yes' indicates that the
    personal key of the developer is signed by the given master key. A 'No'
    indicates it has not been signed; however, this does not necessarily mean
    the key should not be trusted.</p>
    <p>All official {{ BRANDING_DISTRONAME }} developers and trusted users should have their
    key signed by at least three master keys if they are responsible for
    packaging software in the repositories. This is in accordance with the PGP
    <em>web of trust</em> concept. If a user is willing to marginally trust all
    of the master keys, three signatures from different master keys will
    consider a given developer's key as valid. For more information on trust,
    please consult the
    <a href="http://www.gnupg.org/gph/en/manual.html">GNU Privacy Handbook</a>
    and <a href="http://www.gnupg.org/gph/en/manual.html#AEN385">Using trust to
    validate keys</a>.</p>

    <table class="pretty2" id="key-status">
        <thead>
            <tr>
                <th>Developer</th>
                <th>PGP Key</th>
                {% for key in keys %}
                <th>{{ key.owner.get_full_name }}<br/>
                {% pgp_key_link key.pgp_key %}</th>
                {% endfor %}
            </tr>
        </thead>
        <tbody>
            {% for user in active_users %}{% with user_key=user.userprofile.pgp_key %}
            <tr>
                <th>{{ user.get_full_name }}</th>
                <td>{% pgp_key_link user_key %}</td>
                {% spaceless %}{% for key in keys %}
                {% signature_exists signatures key.pgp_key user_key as signed %}
                <td class="signed-{{ signed|yesno }}">{{ signed|yesno|capfirst }}</td>
                {% endfor %}{% endspaceless %}
            </tr>
            {% endwith %}{% endfor %}
        </tbody>
    </table>
</div>

<div class="box">
    <h2 id="visualization">Visualization of PGP Master and Developer Keys</h2>

    <div id="visualize-keys" class="visualize-chart"></div>
</div>

<div class="box">
    <h2 id="cross-sigs">Developer Cross-Signatures</h2>

    <p>This table lists signatures directly between developer keys.</p>

    <table class="pretty2" id="cross-signatures">
        <thead>
            <tr>
                <th>Signer</th>
                <th>Signee</th>
                <th>Created</th>
                <th>Expires</th>
            </tr>
        </thead>
        <tbody>
            {% for sig in cross_signatures %}
            <tr>
                <td>{% user_pgp_key_link developer_keys sig.signer %}</td>
                <td>{% user_pgp_key_link developer_keys sig.signee %}</td>
                <td>{{ sig.created }}</td>
                <td>{{ sig.expires|default:"" }}</td>
            </tr>
            {% endfor %}
        </tbody>
    </table>
</div>
{% endblock %}

{% block script_block %}
{% load cdn %}{% jquery %}{% jquery_tablesorter %}
<script type="text/javascript" src="{% static "d3-3.0.6.min.js" %}"></script>
<script type="text/javascript" src="{% static "archweb.js" %}"></script>
<script type="text/javascript" src="{% static "visualize.js" %}"></script>
<script type="text/javascript">
$(document).ready(function() {
    $("#key-status").tablesorter({
        sortLocaleCompare: true,
        headers: { 1: { sorter: false } }
    });
    $("#cross-signatures").tablesorter({
        sortLocaleCompare: true
    });
});
$(document).ready(function() {
    developer_keys("#visualize-keys", "{% url 'pgp-keys-json' %}");
});
</script>
{% endblock %}