Re: Please add key for Vineet Gupta (ARC maintainer)

[Vineet Gupta <vineet.gupta@linux.dev>]

Hi Uwe,

On 6/13/25 02:49, Uwe Kleine-König wrote:
> hello Vineet,
>
> On Thu, Jun 12, 2025 at 02:52:52PM -0700, Vineet Gupta wrote:
>>
>> On 6/12/25 14:08, Konstantin Ryabitsev wrote:
>>> On Thu, 12 Jun 2025 at 16:59, Vineet Gupta <vgupta@kernel.org> wrote:
>>>>> Before creating your next UID is suggest you read
>>>>> https://dkg.fifthhorseman.net/blog/openpgp-user-id-comments-considered-harmful.html
>>>> Thx for the pointer. It makes sense.
>>>> Shall I remove them from existing key and send it over again (I see it hasn't
>>>> been pushed yet to the repo)
>>> Yes, if you want to do that, I will hold off on processing this request.
>> Thx, here you go !
>>
>> pub   rsa4096 2013-02-16 [SC] [expires: 2029-12-08]
>>       397A6E0AE47A85E76B74B08969D7F1DDE28AC25E
>> uid           [ultimate] Vineet Gupta <vgupta@kernel.org>
>> uid           [ultimate] Vineet Gupta <vineet.gupta@linux.dev>
>> uid           [ultimate] Vineet Gupta <vineetg76@gmail.com>
>> uid           [ultimate] [jpeg image of size 24452]
> That looks better now. The scripts used to maintain the kernel keyring
> will accept that key update, however your new primary UID has no
> 3rd-party signatures. And also note that the signatures on your older
> UIDs are all done using SHA-1 so they will be discarded on reimport. In
> sum there is no valid trust path from Linus to your key.
>
> It would be great if you could get a few fresh signatures on your
> kernel.org UID. The guys who signed your other UIDs earlier might be
> good candidates to sign that without the need to arrange a meeting in
> real live.

Sure thing. I was thinking of asking a couple of my current colleagues (Bjorn,
Alex) to do that instead. As long as signers are in the web of trust it should
be fine ?

> Also your key is affected by SHA-1 self signatures on the older UIDs.
> The respective output of `sq cert lint` is:
>
> 	Certificate 69D7F1DDE28AC25E contains a User ID (Vineet Gupta (alias) <vgupta@synopsys.com>) protected by SHA-1
> 	Certificate 69D7F1DDE28AC25E contains a User ID (Vineet Gupta (official) <vineet.gupta1@synopsys.com>) protected by SHA-1
> 	Certificate 69D7F1DDE28AC25E contains a User ID (Vineet Gupta (personal) <vineetg76@gmail.com>) protected by SHA-1
>
>
> See
> https://www.kleine-koenig.org/~uwe/resign-sha1/?certid=69D7F1DDE28AC25E
> for some details. Also
> https://lore.kernel.org/keys/fxotnlhsyl2frp54xtguy7ryrucuwselanazixeax3motyyoo3@7vf7ip6gxyvx/
> might be good to understand.

I tried to fix the sha-1 concern, but ran into some issues.

First up I presume this is all pgp2 as I have that alias in my bashrc from an
early/old users.kernel.org recommendation.

Per your link [1] above I was able to refetch the keys of others, force sign
them and --send-key
However my refetched key brought back the locally deleted old UIDs: was it
because I had not uploaded it to Ubuntu key server, and MIT server where I did,
is no longer functional / used ?
Anyhow do the older/deleted UIDs need to be sha-1 fixed  and then re-deleted and
--send-key to ubuntu key server?
Or is there a different order of things to do - apologies for these noob questions.

Thx,
-Vineet