diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index cf07956..04a2a03 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,44 +1,74 @@ ci: - # Forĝejo/Gitea mirrors will autoclose pull requests. This should decrease - # the frequency of unnecessary PRs. - # https://github.com/pre-commit-ci/issues/issues/83 + skip: [prettier] autoupdate_schedule: quarterly -# Override hook language versions from system defaults default_language_version: - python: pypy3 + ruby: ".ruby-version" repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.5.0 + rev: v5.0.0 hooks: + - id: trailing-whitespace + args: ["--markdown-linebreak-ext", "md,markdown"] + - id: check-yaml - id: check-added-large-files - id: check-case-conflict - - id: check-yaml - id: check-executables-have-shebangs + - id: check-json + - id: check-merge-conflict - id: check-shebang-scripts-are-executable + - id: check-toml + - id: check-xml - id: destroyed-symlinks - id: detect-private-key - - id: end-of-file-fixer - id: fix-byte-order-marker - - id: trailing-whitespace - exclude_types: [markdown] + - id: check-merge-conflict + - id: mixed-line-ending + args: [--fix=auto] + - id: pretty-format-json + args: + [ + --autofix, + --indent, + "\t", + --no-ensure-ascii, + --top-keys, + "Name,name,domain", + ] + - id: check-illegal-windows-names + + - repo: https://github.com/pre-commit-ci/pre-commit-ci-config + rev: v1.6.1 + hooks: + - id: check-pre-commit-ci-config - repo: https://github.com/thlorenz/doctoc rev: v2.2.0 hooks: - id: doctoc - args: [--update-only] + args: [--update-only, --notitle] - - repo: https://github.com/pre-commit/mirrors-prettier - rev: "v4.0.0-alpha.8" + - repo: https://github.com/fsfe/reuse-tool + rev: v5.0.2 + hooks: + - id: reuse + + - repo: https://github.com/get-woke/woke + rev: "v0.19.0" + hooks: + - id: woke-from-source + + - repo: local hooks: - id: prettier + name: prettier + entry: corepack npx prettier --cache --ignore-unknown --write + language: system - repo: https://github.com/editorconfig-checker/editorconfig-checker.python - rev: "2.7.3" + rev: "3.2.1" hooks: - id: editorconfig-checker alias: ec - # I don't actually care about line lengths as more than a guideline args: [-disable-max-line-length] diff --git a/LICENSES/.editorconfig b/LICENSES/.editorconfig new file mode 100644 index 0000000..b3b5c69 --- /dev/null +++ b/LICENSES/.editorconfig @@ -0,0 +1,4 @@ +root = false +[*] +indent_style = space +trim_trailing_whitespace = false diff --git a/LICENSES/CC0-1.0.txt b/LICENSES/CC0-1.0.txt new file mode 100644 index 0000000..0e259d4 --- /dev/null +++ b/LICENSES/CC0-1.0.txt @@ -0,0 +1,121 @@ +Creative Commons Legal Code + +CC0 1.0 Universal + + CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE + LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN + ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS + INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES + REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS + PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM + THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED + HEREUNDER. + +Statement of Purpose + +The laws of most jurisdictions throughout the world automatically confer +exclusive Copyright and Related Rights (defined below) upon the creator +and subsequent owner(s) (each and all, an "owner") of an original work of +authorship and/or a database (each, a "Work"). + +Certain owners wish to permanently relinquish those rights to a Work for +the purpose of contributing to a commons of creative, cultural and +scientific works ("Commons") that the public can reliably and without fear +of later claims of infringement build upon, modify, incorporate in other +works, reuse and redistribute as freely as possible in any form whatsoever +and for any purposes, including without limitation commercial purposes. +These owners may contribute to the Commons to promote the ideal of a free +culture and the further production of creative, cultural and scientific +works, or to gain reputation or greater distribution for their Work in +part through the use and efforts of others. + +For these and/or other purposes and motivations, and without any +expectation of additional consideration or compensation, the person +associating CC0 with a Work (the "Affirmer"), to the extent that he or she +is an owner of Copyright and Related Rights in the Work, voluntarily +elects to apply CC0 to the Work and publicly distribute the Work under its +terms, with knowledge of his or her Copyright and Related Rights in the +Work and the meaning and intended legal effect of CC0 on those rights. + +1. Copyright and Related Rights. A Work made available under CC0 may be +protected by copyright and related or neighboring rights ("Copyright and +Related Rights"). Copyright and Related Rights include, but are not +limited to, the following: + + i. the right to reproduce, adapt, distribute, perform, display, + communicate, and translate a Work; + ii. moral rights retained by the original author(s) and/or performer(s); +iii. publicity and privacy rights pertaining to a person's image or + likeness depicted in a Work; + iv. rights protecting against unfair competition in regards to a Work, + subject to the limitations in paragraph 4(a), below; + v. rights protecting the extraction, dissemination, use and reuse of data + in a Work; + vi. database rights (such as those arising under Directive 96/9/EC of the + European Parliament and of the Council of 11 March 1996 on the legal + protection of databases, and under any national implementation + thereof, including any amended or successor version of such + directive); and +vii. other similar, equivalent or corresponding rights throughout the + world based on applicable law or treaty, and any national + implementations thereof. + +2. Waiver. To the greatest extent permitted by, but not in contravention +of, applicable law, Affirmer hereby overtly, fully, permanently, +irrevocably and unconditionally waives, abandons, and surrenders all of +Affirmer's Copyright and Related Rights and associated claims and causes +of action, whether now known or unknown (including existing as well as +future claims and causes of action), in the Work (i) in all territories +worldwide, (ii) for the maximum duration provided by applicable law or +treaty (including future time extensions), (iii) in any current or future +medium and for any number of copies, and (iv) for any purpose whatsoever, +including without limitation commercial, advertising or promotional +purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each +member of the public at large and to the detriment of Affirmer's heirs and +successors, fully intending that such Waiver shall not be subject to +revocation, rescission, cancellation, termination, or any other legal or +equitable action to disrupt the quiet enjoyment of the Work by the public +as contemplated by Affirmer's express Statement of Purpose. + +3. Public License Fallback. Should any part of the Waiver for any reason +be judged legally invalid or ineffective under applicable law, then the +Waiver shall be preserved to the maximum extent permitted taking into +account Affirmer's express Statement of Purpose. In addition, to the +extent the Waiver is so judged Affirmer hereby grants to each affected +person a royalty-free, non transferable, non sublicensable, non exclusive, +irrevocable and unconditional license to exercise Affirmer's Copyright and +Related Rights in the Work (i) in all territories worldwide, (ii) for the +maximum duration provided by applicable law or treaty (including future +time extensions), (iii) in any current or future medium and for any number +of copies, and (iv) for any purpose whatsoever, including without +limitation commercial, advertising or promotional purposes (the +"License"). The License shall be deemed effective as of the date CC0 was +applied by Affirmer to the Work. Should any part of the License for any +reason be judged legally invalid or ineffective under applicable law, such +partial invalidity or ineffectiveness shall not invalidate the remainder +of the License, and in such case Affirmer hereby affirms that he or she +will not (i) exercise any of his or her remaining Copyright and Related +Rights in the Work or (ii) assert any associated claims and causes of +action with respect to the Work, in either case contrary to Affirmer's +express Statement of Purpose. + +4. Limitations and Disclaimers. + + a. No trademark or patent rights held by Affirmer are waived, abandoned, + surrendered, licensed or otherwise affected by this document. + b. Affirmer offers the Work as-is and makes no representations or + warranties of any kind concerning the Work, express, implied, + statutory or otherwise, including without limitation warranties of + title, merchantability, fitness for a particular purpose, non + infringement, or the absence of latent or other defects, accuracy, or + the present or absence of errors, whether or not discoverable, all to + the greatest extent permissible under applicable law. + c. Affirmer disclaims responsibility for clearing rights of other persons + that may apply to the Work or any use thereof, including without + limitation any person's Copyright and Related Rights in the Work. + Further, Affirmer disclaims responsibility for obtaining any necessary + consents, permissions or other rights required for any use of the + Work. + d. Affirmer understands and acknowledges that Creative Commons is not a + party to this document and has no duty or obligation with respect to + this CC0 or use of the Work. diff --git a/README.md b/README.md index e50fb96..4f4cc06 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ # pgp-alt-wot -PGP keys signed by me so I don't have to validate the same keys -again-and-again and can just trust my own paper verified fingerprint in the -subsequent validations. +PGP keys signed by me so I don't have to validate the same keys again-and-again +and can just trust my own paper verified fingerprint in the subsequent +validations. WoT? [Web Of Trust](https://en.wikipedia.org/wiki/Web_of_trust) @@ -21,50 +21,56 @@ WoT? [Web Of Trust](https://en.wikipedia.org/wiki/Web_of_trust) For example, I use [Tor Browser](https://torproject.org/) everywhere and download it directly from their website. They have signed it using GPG (a -OpenPGP implementation) and to ensure it hasn't been tampered with, I have -to check that signature and I have two options: +OpenPGP implementation) and to ensure it hasn't been tampered with, I have to +check that signature and I have two options: -- I can always [verify the signature](https://support.torproject.org/tbb/how-to-verify-signature/), - but that takes time and I would need to verify it from both [support.torproject.org](https://support.torproject.org/tbb/how-to-verify-signature/) - and [4bflp2c4tnynnbes.onion](http://4bflp2c4tnynnbes.onion/#how-to-verify-signature). - But what if [they were compromised or I was under a MITM attack or lazy and verfied only one version](https://www.qubes-os.org/faq/#should-i-trust-this-website)? -- (or) I could verify the signing key carefully once, sign (or certify) it - by myself and in the future simply verify that my own key is valid (as I - have been doing this a few times on the other side of dualbooting and at - family). +- I can always + [verify the signature](https://support.torproject.org/tbb/how-to-verify-signature/), + but that takes time and I would need to verify it from both + [support.torproject.org](https://support.torproject.org/tbb/how-to-verify-signature/) + and + [4bflp2c4tnynnbes.onion](http://4bflp2c4tnynnbes.onion/#how-to-verify-signature). + But what if + [they were compromised or I was under a MITM attack or lazy and verfied only one version](https://www.qubes-os.org/faq/#should-i-trust-this-website)? +- (or) I could verify the signing key carefully once, sign (or certify) it by + myself and in the future simply verify that my own key is valid (as I have + been doing this a few times on the other side of dualbooting and at family). -This second method is also [encouraged by Tails](https://tails.boum.org/install/expert/usb/index.en.html). +This second method is also +[encouraged by Tails](https://tails.boum.org/install/expert/usb/index.en.html). -What if I am wrong and trust the wrong key? I think I am less likely to -trust a wrong key by verifying it carefully and signing it once than -verifying it separately every time. However if I do sign a wrong key, I can -always revoke my signature and then publish the key with my revocation -signature on public keyservers (which I don't usually do, while I cannot -control what people do with the signatures from this repository). +What if I am wrong and trust the wrong key? I think I am less likely to trust a +wrong key by verifying it carefully and signing it once than verifying it +separately every time. However if I do sign a wrong key, I can always revoke my +signature and then publish the key with my revocation signature on public +keyservers (which I don't usually do, while I cannot control what people do with +the signatures from this repository). ## Inclusion policy -- I am reasonably certain that the key belongs to whom it claims to belong - to or I trust the key to belong to whomever it belongs to. -- I have some need of the key or have attended keysigning party with the - key owner. -- `me/me.asc` is just my key and place where I try to keep all signatures it - has received. Symlinks are legacy reasons and other me's are also me. +- I am reasonably certain that the key belongs to whom it claims to belong to or + I trust the key to belong to whomever it belongs to. +- I have some need of the key or have attended keysigning party with the key + owner. +- `me/me.asc` is just my key and place where I try to keep all signatures it has + received. Symlinks are legacy reasons and other me's are also me. ## Places to check for keys - GitHub, Gitea and GitLab expose user public keys when you append a `.gpg` after their profile page (`.keys` for SSH). -- [The Internet Archive's Waybackmachine](https://web.archive.org/) is always - a good place too especially when using together with official websites. +- [The Internet Archive's Waybackmachine](https://web.archive.org/) is always a + good place too especially when using together with official websites. - Some people have similar projects or webpages for this purpose - [Artemis' verify page](https://artemislena.eu/services/verify.html) ## Mirrors -- main: [git.blesmrt.net/Mikaela/pgp-alt-wot](https://gitea.blesmrt.net/mikaela/pgp-alt-wot/) +- main: + [git.blesmrt.net/Mikaela/pgp-alt-wot](https://gitea.blesmrt.net/mikaela/pgp-alt-wot/) - [git.piraattipuolue.fi/Mikaela/pgp-alt-wot](https://git.piraattipuolue.fi/mikaela/pgp-alt-wot) -- [git.com.de/Mikaela/pgp-alt-wot](https://git.com.de/mikaela/pgp-alt-wot) ([onion](http://gitea.qzzf2qcfbhievvs5nzkccuwddroipy62qjocqtmgcgh75vd6w57m7yad.onion/Mikaela/pgp-alt-wot)) +- [git.com.de/Mikaela/pgp-alt-wot](https://git.com.de/mikaela/pgp-alt-wot) + ([onion](http://gitea.qzzf2qcfbhievvs5nzkccuwddroipy62qjocqtmgcgh75vd6w57m7yad.onion/Mikaela/pgp-alt-wot)) ## See also diff --git a/REUSE.toml b/REUSE.toml new file mode 100644 index 0000000..c8dc2e3 --- /dev/null +++ b/REUSE.toml @@ -0,0 +1,7 @@ +version = 1 + +[[annotations]] +path = "**" +precedence = "aggregate" +SPDX-FileCopyrightText = "2025 Aminda Suomalainen " +SPDX-License-Identifier = "CC0-1.0" diff --git a/minisign/README.md b/minisign/README.md index b92cf62..a6e8cc1 100644 --- a/minisign/README.md +++ b/minisign/README.md @@ -1,4 +1,4 @@ Not actually PGP, but as the function is the same, why not -Warning: minisign doesn't have and won't have WoT or inbuild certifications -or revokations on the key belonging to whom it's said to belong +Warning: minisign doesn't have and won't have WoT or inbuild certifications or +revokations on the key belonging to whom it's said to belong diff --git a/package.json b/package.json new file mode 100644 index 0000000..faf02a8 --- /dev/null +++ b/package.json @@ -0,0 +1,14 @@ +{ + "devDependencies": { + "@aminda/global-prettier-config": "2025.16.0", + "@prettier/plugin-ruby": "4.0.4", + "@prettier/plugin-xml": "3.4.1", + "corepack": "latest", + "prettier": "3.5.3", + "prettier-plugin-nginx": "1.0.3", + "prettier-plugin-sh": "0.17.2", + "prettier-plugin-toml": "2.0.4" + }, + "packageManager": "pnpm@10.11.0+sha512.6540583f41cc5f628eb3d9773ecee802f4f9ef9923cc45b69890fb47991d4b092964694ec3a4f738a420c918a333062c8b925d312f42e4f0c263eb603551f977", + "prettier": "@aminda/global-prettier-config" +} diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml new file mode 100644 index 0000000..4cb9dd6 --- /dev/null +++ b/pnpm-lock.yaml @@ -0,0 +1,207 @@ +lockfileVersion: "9.0" + +settings: + autoInstallPeers: true + excludeLinksFromLockfile: false + +importers: + .: + devDependencies: + "@aminda/global-prettier-config": + specifier: 2025.16.0 + version: 2025.16.0 + "@prettier/plugin-ruby": + specifier: 4.0.4 + version: 4.0.4(prettier@3.5.3) + "@prettier/plugin-xml": + specifier: 3.4.1 + version: 3.4.1(prettier@3.5.3) + corepack: + specifier: latest + version: 0.32.0 + prettier: + specifier: 3.5.3 + version: 3.5.3 + prettier-plugin-nginx: + specifier: 1.0.3 + version: 1.0.3 + prettier-plugin-sh: + specifier: 0.17.2 + version: 0.17.2(prettier@3.5.3) + prettier-plugin-toml: + specifier: 2.0.4 + version: 2.0.4(prettier@3.5.3) + +packages: + "@aminda/global-prettier-config@2025.16.0": + resolution: + { + integrity: sha512-A++pQoqdFbeeXradpFJvwmuf0KFh9ykJpfaLMaVBCmG+4ssRy+B3e2OcSiI5oqG7D1EzgX+izQBPsAC4g0y9cQ==, + } + + "@prettier/plugin-ruby@4.0.4": + resolution: + { + integrity: sha512-lCpvfS/dQU5WrwN3AQ5vR8qrvj2h5gE41X08NNzAAXvHdM4zwwGRcP2sHSxfu6n6No+ljWCVx95NvJPFTTjCTg==, + } + peerDependencies: + prettier: ^3.0.0 + + "@prettier/plugin-xml@3.4.1": + resolution: + { + integrity: sha512-Uf/6/+9ez6z/IvZErgobZ2G9n1ybxF5BhCd7eMcKqfoWuOzzNUxBipNo3QAP8kRC1VD18TIo84no7LhqtyDcTg==, + } + peerDependencies: + prettier: ^3.0.0 + + "@reteps/dockerfmt@0.3.6": + resolution: + { + integrity: sha512-Tb5wIMvBf/nLejTQ61krK644/CEMB/cpiaIFXqGApfGqO3GwcR3qnI0DbmkFVCl2OyEp8LnLX3EkucoL0+tbFg==, + } + engines: { node: ^v12.20.0 || ^14.13.0 || >=16.0.0 } + + "@taplo/core@0.2.0": + resolution: + { + integrity: sha512-r8bl54Zj1In3QLkiW/ex694bVzpPJ9EhwqT9xkcUVODnVUGirdB1JTsmiIv0o1uwqZiwhi8xNnTOQBRQCpizrQ==, + } + + "@taplo/lib@0.5.0": + resolution: + { + integrity: sha512-+xIqpQXJco3T+VGaTTwmhxLa51qpkQxCjRwezjFZgr+l21ExlywJFcDfTrNmL6lG6tqb0h8GyJKO3UPGPtSCWg==, + } + + "@xml-tools/parser@1.0.11": + resolution: + { + integrity: sha512-aKqQ077XnR+oQtHJlrAflaZaL7qZsulWc/i/ZEooar5JiWj1eLt0+Wg28cpa+XLney107wXqneC+oG1IZvxkTA==, + } + + chevrotain@7.1.1: + resolution: + { + integrity: sha512-wy3mC1x4ye+O+QkEinVJkPf5u2vsrDIYW9G7ZuwFl6v/Yu0LwUuT2POsb+NUWApebyxfkQq6+yDfRExbnI5rcw==, + } + + corepack@0.32.0: + resolution: + { + integrity: sha512-KhahVUFy7xL8OTty/ToY646hXMQhih8rnvUkA9/qnk/u4QUF2+SbQneX/zZnDxG1NiABFm5ojZCWnIv93oyhhQ==, + } + engines: { node: ^18.17.1 || ^20.10.0 || >=22.11.0 } + hasBin: true + + prettier-plugin-nginx@1.0.3: + resolution: + { + integrity: sha512-vV5q85s8XnV6NEgvz1gVLfZhmxAxY03MyOYj2ApBpjFkbs00lRsRkTmqO9L39ADuD18z1RRCcfZ3eVxKhI/nqg==, + } + + prettier-plugin-sh@0.17.2: + resolution: + { + integrity: sha512-7+dEo/IYbhrUj4qP+1QXj41/5Hv9ZkxBuEatI1jywrcAlVF1aGhdYJF4Sn+M67nkA16iRL53W4FSRe1bitTdmQ==, + } + engines: { node: ">=16.0.0" } + peerDependencies: + prettier: ^3.0.3 + + prettier-plugin-toml@2.0.4: + resolution: + { + integrity: sha512-uOTNPClqnE3T9XJ8hCqAJek70Jnk3/ZuAG/aXRTmrWbVe8lJyuZ60KV7OtgWqF+iGZOPVpkh+giHhX9GZYRHGA==, + } + engines: { node: ">=16.0.0" } + peerDependencies: + prettier: ^3.0.3 + + prettier@3.5.3: + resolution: + { + integrity: sha512-QQtaxnoDJeAkDvDKWCLiwIXkTgRhwYDEQCghU9Z6q03iyek/rxRh/2lC3HB7P8sWT2xC/y5JDctPLBIGzHKbhw==, + } + engines: { node: ">=14" } + hasBin: true + + regexp-to-ast@0.5.0: + resolution: + { + integrity: sha512-tlbJqcMHnPKI9zSrystikWKwHkBqu2a/Sgw01h3zFjvYrMxEDYHzzoMZnUrbIfpTFEsoRnnviOXNCzFiSc54Qw==, + } + + sh-syntax@0.5.7: + resolution: + { + integrity: sha512-74m9dt91konrF5+m0kASugzi37VxKsnTJQ6yvdDZu3IijG5/vIZpImP6FadsJLWNt2X2YD0VaTwW5W7Ox7mFVg==, + } + engines: { node: ">=16.0.0" } + + tslib@2.8.1: + resolution: + { + integrity: sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==, + } + +snapshots: + "@aminda/global-prettier-config@2025.16.0": + dependencies: + "@prettier/plugin-ruby": 4.0.4(prettier@3.5.3) + "@prettier/plugin-xml": 3.4.1(prettier@3.5.3) + corepack: 0.32.0 + prettier: 3.5.3 + prettier-plugin-nginx: 1.0.3 + prettier-plugin-sh: 0.17.2(prettier@3.5.3) + prettier-plugin-toml: 2.0.4(prettier@3.5.3) + + "@prettier/plugin-ruby@4.0.4(prettier@3.5.3)": + dependencies: + prettier: 3.5.3 + + "@prettier/plugin-xml@3.4.1(prettier@3.5.3)": + dependencies: + "@xml-tools/parser": 1.0.11 + prettier: 3.5.3 + + "@reteps/dockerfmt@0.3.6": {} + + "@taplo/core@0.2.0": {} + + "@taplo/lib@0.5.0": + dependencies: + "@taplo/core": 0.2.0 + + "@xml-tools/parser@1.0.11": + dependencies: + chevrotain: 7.1.1 + + chevrotain@7.1.1: + dependencies: + regexp-to-ast: 0.5.0 + + corepack@0.32.0: {} + + prettier-plugin-nginx@1.0.3: {} + + prettier-plugin-sh@0.17.2(prettier@3.5.3): + dependencies: + "@reteps/dockerfmt": 0.3.6 + prettier: 3.5.3 + sh-syntax: 0.5.7 + + prettier-plugin-toml@2.0.4(prettier@3.5.3): + dependencies: + "@taplo/lib": 0.5.0 + prettier: 3.5.3 + + prettier@3.5.3: {} + + regexp-to-ast@0.5.0: {} + + sh-syntax@0.5.7: + dependencies: + tslib: 2.8.1 + + tslib@2.8.1: {}