Mikaela/pgp-alt-wot
1
0
Fork 0
mirror of https://gitea.blesmrt.net/mikaela/pgp-alt-wot.git synced 2025-06-28 18:27:20 +02:00
Code Issues Projects Releases Wiki Activity

import pre-commit changes from other projects

Browse Source
This commit is contained in:
Aminda Suomalainen 2025-05-14 14:39:02 +03:00
parent 7e1601e5d6
commit 07f62997c8
Signed by: Mikaela
GPG Key ID: 99392F62BAE30723
8 changed files with 436 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
.pre-commit-config.yaml
View File

@ -1,44 +1,74 @@
ci:
# Forĝejo/Gitea mirrors will autoclose pull requests. This should decrease
# the frequency of unnecessary PRs.
# https://github.com/pre-commit-ci/issues/issues/83
skip: [prettier]
autoupdate_schedule: quarterly
# Override hook language versions from system defaults
default_language_version:
python: pypy3
ruby: ".ruby-version"
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.5.0
rev: v5.0.0
hooks:
- id: trailing-whitespace
args: ["--markdown-linebreak-ext", "md,markdown"]
- id: check-yaml
- id: check-added-large-files
- id: check-case-conflict
- id: check-yaml
- id: check-executables-have-shebangs
- id: check-json
- id: check-merge-conflict
- id: check-shebang-scripts-are-executable
- id: check-toml
- id: check-xml
- id: destroyed-symlinks
- id: detect-private-key
- id: end-of-file-fixer
- id: fix-byte-order-marker
- id: trailing-whitespace
exclude_types: [markdown]
- id: check-merge-conflict
- id: mixed-line-ending
args: [--fix=auto]
- id: pretty-format-json
args:
[
--autofix,
--indent,
"\t",
--no-ensure-ascii,
--top-keys,
"Name,name,domain",
]
- id: check-illegal-windows-names
- repo: https://github.com/pre-commit-ci/pre-commit-ci-config
rev: v1.6.1
hooks:
- id: check-pre-commit-ci-config
- repo: https://github.com/thlorenz/doctoc
rev: v2.2.0
hooks:
- id: doctoc
args: [--update-only]
args: [--update-only, --notitle]
- repo: https://github.com/pre-commit/mirrors-prettier
rev: "v4.0.0-alpha.8"
- repo: https://github.com/fsfe/reuse-tool
rev: v5.0.2
hooks:
- id: reuse
- repo: https://github.com/get-woke/woke
rev: "v0.19.0"
hooks:
- id: woke-from-source
- repo: local
hooks:
- id: prettier
name: prettier
entry: corepack npx prettier --cache --ignore-unknown --write
language: system
- repo: https://github.com/editorconfig-checker/editorconfig-checker.python
rev: "2.7.3"
rev: "3.2.1"
hooks:
- id: editorconfig-checker
alias: ec
# I don't actually care about line lengths as more than a guideline
args: [-disable-max-line-length]

4
LICENSES/.editorconfig Normal file
View File

@ -0,0 +1,4 @@
root = false
[*]
indent_style = space
trim_trailing_whitespace = false

121
LICENSES/CC0-1.0.txt Normal file
View File

@ -0,0 +1,121 @@
Creative Commons Legal Code
CC0 1.0 Universal
CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN
ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES
REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS
PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM
THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED
HEREUNDER.
Statement of Purpose
The laws of most jurisdictions throughout the world automatically confer
exclusive Copyright and Related Rights (defined below) upon the creator
and subsequent owner(s) (each and all, an "owner") of an original work of
authorship and/or a database (each, a "Work").
Certain owners wish to permanently relinquish those rights to a Work for
the purpose of contributing to a commons of creative, cultural and
scientific works ("Commons") that the public can reliably and without fear
of later claims of infringement build upon, modify, incorporate in other
works, reuse and redistribute as freely as possible in any form whatsoever
and for any purposes, including without limitation commercial purposes.
These owners may contribute to the Commons to promote the ideal of a free
culture and the further production of creative, cultural and scientific
works, or to gain reputation or greater distribution for their Work in
part through the use and efforts of others.
For these and/or other purposes and motivations, and without any
expectation of additional consideration or compensation, the person
associating CC0 with a Work (the "Affirmer"), to the extent that he or she
is an owner of Copyright and Related Rights in the Work, voluntarily
elects to apply CC0 to the Work and publicly distribute the Work under its
terms, with knowledge of his or her Copyright and Related Rights in the
Work and the meaning and intended legal effect of CC0 on those rights.
1. Copyright and Related Rights. A Work made available under CC0 may be
protected by copyright and related or neighboring rights ("Copyright and
Related Rights"). Copyright and Related Rights include, but are not
limited to, the following:
i. the right to reproduce, adapt, distribute, perform, display,
communicate, and translate a Work;
ii. moral rights retained by the original author(s) and/or performer(s);
iii. publicity and privacy rights pertaining to a person's image or
likeness depicted in a Work;
iv. rights protecting against unfair competition in regards to a Work,
subject to the limitations in paragraph 4(a), below;
v. rights protecting the extraction, dissemination, use and reuse of data
in a Work;
vi. database rights (such as those arising under Directive 96/9/EC of the
European Parliament and of the Council of 11 March 1996 on the legal
protection of databases, and under any national implementation
thereof, including any amended or successor version of such
directive); and
vii. other similar, equivalent or corresponding rights throughout the
world based on applicable law or treaty, and any national
implementations thereof.
2. Waiver. To the greatest extent permitted by, but not in contravention
of, applicable law, Affirmer hereby overtly, fully, permanently,
irrevocably and unconditionally waives, abandons, and surrenders all of
Affirmer's Copyright and Related Rights and associated claims and causes
of action, whether now known or unknown (including existing as well as
future claims and causes of action), in the Work (i) in all territories
worldwide, (ii) for the maximum duration provided by applicable law or
treaty (including future time extensions), (iii) in any current or future
medium and for any number of copies, and (iv) for any purpose whatsoever,
including without limitation commercial, advertising or promotional
purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each
member of the public at large and to the detriment of Affirmer's heirs and
successors, fully intending that such Waiver shall not be subject to
revocation, rescission, cancellation, termination, or any other legal or
equitable action to disrupt the quiet enjoyment of the Work by the public
as contemplated by Affirmer's express Statement of Purpose.
3. Public License Fallback. Should any part of the Waiver for any reason
be judged legally invalid or ineffective under applicable law, then the
Waiver shall be preserved to the maximum extent permitted taking into
account Affirmer's express Statement of Purpose. In addition, to the
extent the Waiver is so judged Affirmer hereby grants to each affected
person a royalty-free, non transferable, non sublicensable, non exclusive,
irrevocable and unconditional license to exercise Affirmer's Copyright and
Related Rights in the Work (i) in all territories worldwide, (ii) for the
maximum duration provided by applicable law or treaty (including future
time extensions), (iii) in any current or future medium and for any number
of copies, and (iv) for any purpose whatsoever, including without
limitation commercial, advertising or promotional purposes (the
"License"). The License shall be deemed effective as of the date CC0 was
applied by Affirmer to the Work. Should any part of the License for any
reason be judged legally invalid or ineffective under applicable law, such
partial invalidity or ineffectiveness shall not invalidate the remainder
of the License, and in such case Affirmer hereby affirms that he or she
will not (i) exercise any of his or her remaining Copyright and Related
Rights in the Work or (ii) assert any associated claims and causes of
action with respect to the Work, in either case contrary to Affirmer's
express Statement of Purpose.
4. Limitations and Disclaimers.
a. No trademark or patent rights held by Affirmer are waived, abandoned,
surrendered, licensed or otherwise affected by this document.
b. Affirmer offers the Work as-is and makes no representations or
warranties of any kind concerning the Work, express, implied,
statutory or otherwise, including without limitation warranties of
title, merchantability, fitness for a particular purpose, non
infringement, or the absence of latent or other defects, accuracy, or
the present or absence of errors, whether or not discoverable, all to
the greatest extent permissible under applicable law.
c. Affirmer disclaims responsibility for clearing rights of other persons
that may apply to the Work or any use thereof, including without
limitation any person's Copyright and Related Rights in the Work.
Further, Affirmer disclaims responsibility for obtaining any necessary
consents, permissions or other rights required for any use of the
Work.
d. Affirmer understands and acknowledges that Creative Commons is not a
party to this document and has no duty or obligation with respect to
this CC0 or use of the Work.

66
README.md
View File

@ -1,8 +1,8 @@
# pgp-alt-wot
PGP keys signed by me so I don't have to validate the same keys
again-and-again and can just trust my own paper verified fingerprint in the
subsequent validations.
PGP keys signed by me so I don't have to validate the same keys again-and-again
and can just trust my own paper verified fingerprint in the subsequent
validations.
WoT? [Web Of Trust](https://en.wikipedia.org/wiki/Web_of_trust)
@ -21,50 +21,56 @@ WoT? [Web Of Trust](https://en.wikipedia.org/wiki/Web_of_trust)
For example, I use [Tor Browser](https://torproject.org/) everywhere and
download it directly from their website. They have signed it using GPG (a
OpenPGP implementation) and to ensure it hasn't been tampered with, I have
to check that signature and I have two options:
OpenPGP implementation) and to ensure it hasn't been tampered with, I have to
check that signature and I have two options:
- I can always [verify the signature](https://support.torproject.org/tbb/how-to-verify-signature/),
but that takes time and I would need to verify it from both [support.torproject.org](https://support.torproject.org/tbb/how-to-verify-signature/)
and [4bflp2c4tnynnbes.onion](http://4bflp2c4tnynnbes.onion/#how-to-verify-signature).
But what if [they were compromised or I was under a MITM attack or lazy and verfied only one version](https://www.qubes-os.org/faq/#should-i-trust-this-website)?
- (or) I could verify the signing key carefully once, sign (or certify) it
by myself and in the future simply verify that my own key is valid (as I
have been doing this a few times on the other side of dualbooting and at
family).
- I can always
[verify the signature](https://support.torproject.org/tbb/how-to-verify-signature/),
but that takes time and I would need to verify it from both
[support.torproject.org](https://support.torproject.org/tbb/how-to-verify-signature/)
and
[4bflp2c4tnynnbes.onion](http://4bflp2c4tnynnbes.onion/#how-to-verify-signature).
But what if
[they were compromised or I was under a MITM attack or lazy and verfied only one version](https://www.qubes-os.org/faq/#should-i-trust-this-website)?
- (or) I could verify the signing key carefully once, sign (or certify) it by
myself and in the future simply verify that my own key is valid (as I have
been doing this a few times on the other side of dualbooting and at family).
This second method is also [encouraged by Tails](https://tails.boum.org/install/expert/usb/index.en.html).
This second method is also
[encouraged by Tails](https://tails.boum.org/install/expert/usb/index.en.html).
What if I am wrong and trust the wrong key? I think I am less likely to
trust a wrong key by verifying it carefully and signing it once than
verifying it separately every time. However if I do sign a wrong key, I can
always revoke my signature and then publish the key with my revocation
signature on public keyservers (which I don't usually do, while I cannot
control what people do with the signatures from this repository).
What if I am wrong and trust the wrong key? I think I am less likely to trust a
wrong key by verifying it carefully and signing it once than verifying it
separately every time. However if I do sign a wrong key, I can always revoke my
signature and then publish the key with my revocation signature on public
keyservers (which I don't usually do, while I cannot control what people do with
the signatures from this repository).
## Inclusion policy
- I am reasonably certain that the key belongs to whom it claims to belong
to or I trust the key to belong to whomever it belongs to.
- I have some need of the key or have attended keysigning party with the
key owner.
- `me/me.asc` is just my key and place where I try to keep all signatures it
has received. Symlinks are legacy reasons and other me's are also me.
- I am reasonably certain that the key belongs to whom it claims to belong to or
I trust the key to belong to whomever it belongs to.
- I have some need of the key or have attended keysigning party with the key
owner.
- `me/me.asc` is just my key and place where I try to keep all signatures it has
received. Symlinks are legacy reasons and other me's are also me.
## Places to check for keys
- GitHub, Gitea and GitLab expose user public keys when you append a `.gpg`
after their profile page (`.keys` for SSH).
- [The Internet Archive's Waybackmachine](https://web.archive.org/) is always
a good place too especially when using together with official websites.
- [The Internet Archive's Waybackmachine](https://web.archive.org/) is always a
good place too especially when using together with official websites.
- Some people have similar projects or webpages for this purpose
- [Artemis' verify page](https://artemislena.eu/services/verify.html)
## Mirrors
- main: [git.blesmrt.net/Mikaela/pgp-alt-wot](https://gitea.blesmrt.net/mikaela/pgp-alt-wot/)
- main:
[git.blesmrt.net/Mikaela/pgp-alt-wot](https://gitea.blesmrt.net/mikaela/pgp-alt-wot/)
- [git.piraattipuolue.fi/Mikaela/pgp-alt-wot](https://git.piraattipuolue.fi/mikaela/pgp-alt-wot)
- [git.com.de/Mikaela/pgp-alt-wot](https://git.com.de/mikaela/pgp-alt-wot) ([onion](http://gitea.qzzf2qcfbhievvs5nzkccuwddroipy62qjocqtmgcgh75vd6w57m7yad.onion/Mikaela/pgp-alt-wot))
- [git.com.de/Mikaela/pgp-alt-wot](https://git.com.de/mikaela/pgp-alt-wot)
([onion](http://gitea.qzzf2qcfbhievvs5nzkccuwddroipy62qjocqtmgcgh75vd6w57m7yad.onion/Mikaela/pgp-alt-wot))
## See also

7
REUSE.toml Normal file
View File

@ -0,0 +1,7 @@
version = 1
[[annotations]]
path = "**"
precedence = "aggregate"
SPDX-FileCopyrightText = "2025 Aminda Suomalainen <suomalainen@aminda.eu>"
SPDX-License-Identifier = "CC0-1.0"

4
minisign/README.md
View File

@ -1,4 +1,4 @@
Not actually PGP, but as the function is the same, why not
Warning: minisign doesn't have and won't have WoT or inbuild certifications
or revokations on the key belonging to whom it's said to belong
Warning: minisign doesn't have and won't have WoT or inbuild certifications or
revokations on the key belonging to whom it's said to belong

14
package.json Normal file
View File

@ -0,0 +1,14 @@
{
"devDependencies": {
"@aminda/global-prettier-config": "2025.16.0",
"@prettier/plugin-ruby": "4.0.4",
"@prettier/plugin-xml": "3.4.1",
"corepack": "latest",
"prettier": "3.5.3",
"prettier-plugin-nginx": "1.0.3",
"prettier-plugin-sh": "0.17.2",
"prettier-plugin-toml": "2.0.4"
},
"packageManager": "pnpm@10.11.0+sha512.6540583f41cc5f628eb3d9773ecee802f4f9ef9923cc45b69890fb47991d4b092964694ec3a4f738a420c918a333062c8b925d312f42e4f0c263eb603551f977",
"prettier": "@aminda/global-prettier-config"
}

207
pnpm-lock.yaml generated Normal file
View File

@ -0,0 +1,207 @@
lockfileVersion: "9.0"
settings:
autoInstallPeers: true
excludeLinksFromLockfile: false
importers:
.:
devDependencies:
"@aminda/global-prettier-config":
specifier: 2025.16.0
version: 2025.16.0
"@prettier/plugin-ruby":
specifier: 4.0.4
version: 4.0.4(prettier@3.5.3)
"@prettier/plugin-xml":
specifier: 3.4.1
version: 3.4.1(prettier@3.5.3)
corepack:
specifier: latest
version: 0.32.0
prettier:
specifier: 3.5.3
version: 3.5.3
prettier-plugin-nginx:
specifier: 1.0.3
version: 1.0.3
prettier-plugin-sh:
specifier: 0.17.2
version: 0.17.2(prettier@3.5.3)
prettier-plugin-toml:
specifier: 2.0.4
version: 2.0.4(prettier@3.5.3)
packages:
"@aminda/global-prettier-config@2025.16.0":
resolution:
{
integrity: sha512-A++pQoqdFbeeXradpFJvwmuf0KFh9ykJpfaLMaVBCmG+4ssRy+B3e2OcSiI5oqG7D1EzgX+izQBPsAC4g0y9cQ==,
}
"@prettier/plugin-ruby@4.0.4":
resolution:
{
integrity: sha512-lCpvfS/dQU5WrwN3AQ5vR8qrvj2h5gE41X08NNzAAXvHdM4zwwGRcP2sHSxfu6n6No+ljWCVx95NvJPFTTjCTg==,
}
peerDependencies:
prettier: ^3.0.0
"@prettier/plugin-xml@3.4.1":
resolution:
{
integrity: sha512-Uf/6/+9ez6z/IvZErgobZ2G9n1ybxF5BhCd7eMcKqfoWuOzzNUxBipNo3QAP8kRC1VD18TIo84no7LhqtyDcTg==,
}
peerDependencies:
prettier: ^3.0.0
"@reteps/dockerfmt@0.3.6":
resolution:
{
integrity: sha512-Tb5wIMvBf/nLejTQ61krK644/CEMB/cpiaIFXqGApfGqO3GwcR3qnI0DbmkFVCl2OyEp8LnLX3EkucoL0+tbFg==,
}
engines: { node: ^v12.20.0 || ^14.13.0 || >=16.0.0 }
"@taplo/core@0.2.0":
resolution:
{
integrity: sha512-r8bl54Zj1In3QLkiW/ex694bVzpPJ9EhwqT9xkcUVODnVUGirdB1JTsmiIv0o1uwqZiwhi8xNnTOQBRQCpizrQ==,
}
"@taplo/lib@0.5.0":
resolution:
{
integrity: sha512-+xIqpQXJco3T+VGaTTwmhxLa51qpkQxCjRwezjFZgr+l21ExlywJFcDfTrNmL6lG6tqb0h8GyJKO3UPGPtSCWg==,
}
"@xml-tools/parser@1.0.11":
resolution:
{
integrity: sha512-aKqQ077XnR+oQtHJlrAflaZaL7qZsulWc/i/ZEooar5JiWj1eLt0+Wg28cpa+XLney107wXqneC+oG1IZvxkTA==,
}
chevrotain@7.1.1:
resolution:
{
integrity: sha512-wy3mC1x4ye+O+QkEinVJkPf5u2vsrDIYW9G7ZuwFl6v/Yu0LwUuT2POsb+NUWApebyxfkQq6+yDfRExbnI5rcw==,
}
corepack@0.32.0:
resolution:
{
integrity: sha512-KhahVUFy7xL8OTty/ToY646hXMQhih8rnvUkA9/qnk/u4QUF2+SbQneX/zZnDxG1NiABFm5ojZCWnIv93oyhhQ==,
}
engines: { node: ^18.17.1 || ^20.10.0 || >=22.11.0 }
hasBin: true
prettier-plugin-nginx@1.0.3:
resolution:
{
integrity: sha512-vV5q85s8XnV6NEgvz1gVLfZhmxAxY03MyOYj2ApBpjFkbs00lRsRkTmqO9L39ADuD18z1RRCcfZ3eVxKhI/nqg==,
}
prettier-plugin-sh@0.17.2:
resolution:
{
integrity: sha512-7+dEo/IYbhrUj4qP+1QXj41/5Hv9ZkxBuEatI1jywrcAlVF1aGhdYJF4Sn+M67nkA16iRL53W4FSRe1bitTdmQ==,
}
engines: { node: ">=16.0.0" }
peerDependencies:
prettier: ^3.0.3
prettier-plugin-toml@2.0.4:
resolution:
{
integrity: sha512-uOTNPClqnE3T9XJ8hCqAJek70Jnk3/ZuAG/aXRTmrWbVe8lJyuZ60KV7OtgWqF+iGZOPVpkh+giHhX9GZYRHGA==,
}
engines: { node: ">=16.0.0" }
peerDependencies:
prettier: ^3.0.3
prettier@3.5.3:
resolution:
{
integrity: sha512-QQtaxnoDJeAkDvDKWCLiwIXkTgRhwYDEQCghU9Z6q03iyek/rxRh/2lC3HB7P8sWT2xC/y5JDctPLBIGzHKbhw==,
}
engines: { node: ">=14" }
hasBin: true
regexp-to-ast@0.5.0:
resolution:
{
integrity: sha512-tlbJqcMHnPKI9zSrystikWKwHkBqu2a/Sgw01h3zFjvYrMxEDYHzzoMZnUrbIfpTFEsoRnnviOXNCzFiSc54Qw==,
}
sh-syntax@0.5.7:
resolution:
{
integrity: sha512-74m9dt91konrF5+m0kASugzi37VxKsnTJQ6yvdDZu3IijG5/vIZpImP6FadsJLWNt2X2YD0VaTwW5W7Ox7mFVg==,
}
engines: { node: ">=16.0.0" }
tslib@2.8.1:
resolution:
{
integrity: sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==,
}
snapshots:
"@aminda/global-prettier-config@2025.16.0":
dependencies:
"@prettier/plugin-ruby": 4.0.4(prettier@3.5.3)
"@prettier/plugin-xml": 3.4.1(prettier@3.5.3)
corepack: 0.32.0
prettier: 3.5.3
prettier-plugin-nginx: 1.0.3
prettier-plugin-sh: 0.17.2(prettier@3.5.3)
prettier-plugin-toml: 2.0.4(prettier@3.5.3)
"@prettier/plugin-ruby@4.0.4(prettier@3.5.3)":
dependencies:
prettier: 3.5.3
"@prettier/plugin-xml@3.4.1(prettier@3.5.3)":
dependencies:
"@xml-tools/parser": 1.0.11
prettier: 3.5.3
"@reteps/dockerfmt@0.3.6": {}
"@taplo/core@0.2.0": {}
"@taplo/lib@0.5.0":
dependencies:
"@taplo/core": 0.2.0
"@xml-tools/parser@1.0.11":
dependencies:
chevrotain: 7.1.1
chevrotain@7.1.1:
dependencies:
regexp-to-ast: 0.5.0
corepack@0.32.0: {}
prettier-plugin-nginx@1.0.3: {}
prettier-plugin-sh@0.17.2(prettier@3.5.3):
dependencies:
"@reteps/dockerfmt": 0.3.6
prettier: 3.5.3
sh-syntax: 0.5.7
prettier-plugin-toml@2.0.4(prettier@3.5.3):
dependencies:
"@taplo/lib": 0.5.0
prettier: 3.5.3
prettier@3.5.3: {}
regexp-to-ast@0.5.0: {}
sh-syntax@0.5.7:
dependencies:
tslib: 2.8.1
tslib@2.8.1: {}