Keyring instructions
--------------------

This is the keyring for the CTI project. Any new contributors with access
to CTI repositories should have an entry in the allowed-signers file before
they can be granted access to any of the CTI repositories.

Overview
~~~~~~~~

This repository contains two files, other than the README:

- an "allowed-signers" file in the format dictated by the ssh-keygen(1)
  "ALLOWED SIGNERS" section
- a "revoked-keys" file in the format dictated by the ssh-keygen(1)
  "KEY REVOCATION LIST" section

The only people allowed to push to this repository are the trusted
introducers from the CTI project whose keys and identities were verified on
a video call between members of LF IT and the CTI TAC.

Adding keys to the repository
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1. New members who need access to CTI-managed repositories will first
   submit their keys to the trusted introducers (procedure to be
   established; please edit this file once that is documented and
   available).

2. Once the key is validated with the trusted introducers, one of them
   will add that key to the allowed-signers file and commit that change
   to the keyring repository. The commit should:

   - describe how the identity was verified and by whom
   - provide the link to the key submission message in the archives (if
     relevant and available)
   - carry a cryptographic signature on the commit itself (via
     git commit -S)

3. The new member will then send a request to the LF helpdesk to request
   access to gitolite (the exact template is to be established, and will
   include username selection and gitolite group membership details;
   please edit this file once this procedure is documented).

4. Members of LF IT will use the allowed-signers file in this repository
   as the source of the public key data. The signature on the commit will
   not be checked (it is there for repository integrity verification
   purposes) -- being able to push to the repository provides sufficient
   verification of the introducer's identity.
Revoking keys from the project
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A trusted introducer will remove the key from the allowed-signers file and
add an entry to the revoked-keys file, then follow up with a request to the
LF helpdesk to remove repository access.

Using this keyring for git commit verification
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Files in this repository can be used for git commit verification. It is
sufficient to add the following entries to the .git/config file of any
repository used for commit verification::

    [user]
        signingKey = "ssh-rsa AAAAYOUR_FULL_SSH_PUBKEY..."
    [commit]
        gpgSign = true
    [gpg]
        format = ssh
    [gpg "ssh"]
        allowedSignersFile = ~/path/to/keyring/allowed-signers
        revocationFile = ~/path/to/keyring/revoked-keys
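With that configuration git hands the two keyring files to ssh-keygen -Y verify in the "git" namespace: a signing key is accepted only if it matches an allowed-signers entry for the signer's principal and that namespace, lies inside any valid-before window on the entry, and is absent from the revocation file. The following Python, added here as an illustration and not part of this repository, walks through exactly that policy on constructed sample files (placeholder key blobs and hypothetical names); it performs no signature cryptography and assumes the one-public-key-per-line revocation format that ssh-keygen accepts alongside a binary KRL.

```python
import re
import fnmatch
from datetime import datetime, timezone
# Constructed sample keyring files; the key blobs are placeholders, not real keys.
ALICE_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAlicePlaceholderBlob0000000000000000"
BOB_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBobPlaceholderBlob000000000000000000"
CAROL_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICarolPlaceholderBlob0000000000000000"
ALLOWED_SIGNERS = f"""\
# principals [options] keytype base64-key [comment]
alice@example.org namespaces="git" {ALICE_KEY} alice
bob@example.org namespaces="git",valid-before="20240101" {BOB_KEY} bob
carol@example.org {CAROL_KEY} carol
"""
REVOKED_KEYS = f"{CAROL_KEY} carol\n"  # -r accepts a KRL or, as here, one public key per line
def parse_allowed_signers(text):
    """Parse ssh-keygen(1) ALLOWED SIGNERS lines into {principals, options, key} dicts."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        opts, i = {}, 1
        if not tokens[1].startswith(("ssh-", "ecdsa-", "sk-")):  # optional options field
            opts, i = dict(re.findall(r'([\w-]+)(?:="([^"]*)")?', tokens[1])), 2
        entries.append({"principals": tokens[0].split(","), "options": opts,
                        "key": f"{tokens[i]} {tokens[i + 1]}"})
    return entries

def _ts(value):  # valid-before/valid-after value: YYYYMMDD[HHMM[SS]][Z], treated as UTC here
    v = value.rstrip("Z")  # the format string is trimmed to the digits present (6/10/12 chars)
    return datetime.strptime(v, "%Y%m%d%H%M%S"[:len(v) - 2]).replace(tzinfo=timezone.utc)

def check_signer(principal, pubkey, allowed_text, revoked_text, namespace="git", now=None):
    """Policy part of ssh-keygen -Y verify -f/-r/-I/-n (no signature maths); returns (ok, reason)."""
    now = now or datetime.now(timezone.utc)
    pubkey = " ".join(pubkey.split()[:2])  # keytype + blob, comment dropped
    revoked = {" ".join(l.split()[:2]) for l in revoked_text.splitlines() if l.split()}
    if pubkey in revoked:
        return False, "key is revoked"
    for e in parse_allowed_signers(allowed_text):  # first entry matching key+principal decides
        o = e["options"]
        if (e["key"] != pubkey or "cert-authority" in o  # CA entries need cert checks, skipped
                or not any(fnmatch.fnmatchcase(principal, p) for p in e["principals"])):
            continue
        if "namespaces" in o and namespace not in o["namespaces"].split(","):
            return False, f"key not permitted for namespace {namespace!r}"
        if "valid-before" in o and now >= _ts(o["valid-before"]):
            return False, "key expired"
        return True, "allowed"
    return False, "no matching allowed-signers entry"
```

The revocation check runs before the allowed-signers lookup, so a key that was revoked but accidentally left in allowed-signers is still rejected, which is why the revocation procedure above removes from one file and adds to the other.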