PGP key recommendations for Ubuntu Development
Christian Ehrhardt
christian.ehrhardt at canonical.com
Wed Sep 17 11:20:24 UTC 2025
Hi Tech-Board,
I'm already working for a while on an improvement to how Ubuntu
developers handle their PGP keys. Without any offense, up to now it
mostly is "Create a key, and somehow try to handle it safely". But
throughout the population of developers I see various different
interpretations of "safely" :-)
Most of those that take it rather seriously have settled on a setup
that utilizes hardware keys and I was collecting their input and
experience for a while. After aligning with Stephanie at the last
sprint I signed myself up to drive a public recommendation policy
about what we suggest to overcome the inferior undocumented "Create a
key, and somehow try to handle it safely".
After some internal rounds with early adopters as well as internal
stakeholders on my initial draft, I've recently opened it up as a
public PR to the project docs [1] and already got quite good feedback
there.
The intention is, in a while, to go further outwards with a hint
pointing to the PR on ubuntu-devel or similar.
But to truly land this PR eventually I feel it needs one of you
representing the TB to either say "Approved by TB" or "Debated, OK,
but does not need our deep review and approval".
Therefore I'd ask you for your personal review and a discussion to
tell me TBs overall stance on it.
[1]: https://github.com/ubuntu/ubuntu-project-docs/pull/182
P.S. There is more that can be done as subsequent steps in the future,
but I'm intentionally trying to not let future perfection be the
blocker of helpful steps today:
- Testing and documenting exact steps to do that setup. For that I'd
want to get an agreement on the policy first, then distribute such
keys among some of our folks and ensure we polish any rough edges by
using them the way the policy says.
- There are related aspects like the Launchpad API not even having any
such capability, Stephanie is trying to push for that feature and we'd
adopt it here once possible. I allude to that in the presented PR, but
until the capability exists can't do much more.
- It is considered to one day make some of it mandatory, at least for
roles with highly elevated permissions. But for that we need to have
the above solved as it can't be mandatory without good documentation
or while leaving a huge other door (API) open.
--
Christian Ehrhardt
Director of Engineering, Ubuntu Server
Canonical Ltd
More information about the technical-board
mailing list