Commit Graph

1 Commits (cd114c90e0f84e12dd1d154280ff24610032167d)

Author SHA1 Message Date
Tod Beardsley 7a321c7350
Import, sign, and publish signed dev keys
This largely automates the process of importing developer keys,
much like `import-dev-keys.sh`, but also takes the additional, sadly
manual step of signing the key with your default key, and uploading
those keys to https://sks-keyservers.net.

In effect, you are stating that you trust keys published on keybase.io
and are listed as such on the official Metasploit-Framework development
wiki.

If your own default key either has no passphrase, or has a passphrase
cached in a keymanager, the process merely requires you hit `y` for
every key, and `y` again for keys with multiple IDs. Otherwise, you
will need to provide your passphrase for each signing. Temporarily
removing the passphrase alleviates this pain.

Of course, this assumes you actually trust the development wiki
and keybase to do the right thing. The tradition is to individually
verify each key through some personally invented means, such as in
person with a government ID check.

Note that `import-dev-keys.sh` currently lists a number of keys
not on Keybase, and that functionality has not been carried over
to this script.
2016-07-06 10:33:02 -05:00