Opened 13 years ago

Closed 11 years ago

#221 closed task (fixed)

Put the apt repo signing key somewhere reasonable

Reported by: adehnert Owned by:
Priority: major Milestone:
Component: internals Keywords:
Cc:

Description (last modified by adehnert)

At the moment, achernya has the apt repo signing key on his laptop. We should put it somewhere more useful.

See discussion 2011-09-09 on -c scripts -i apt.

  1. Stick it in the locker
    1. Unencrypted (protected by AFS ACLs to scripts-root)
    2. Encrypted to maintainer's keys
  2. Stick it on the hosts
  3. Stick it on the Fedora guests
  4. Stick it on some build VM or server
    1. scripts-owned hardware in SMR
    2. Shared (eg, zulu/magrathea)
  5. Something else
  6. Have each maintainer store it themselves

(3) is a bit silly. Other than that, I think they were all vaguely acceptable. One concern is whether a signed repo with a leaked key is worse than an unsigned repo (if it isn't, then being insecure is vaguely okay). (4) should ideally avoid having a single un-backed-up VM that needs to not vanish, by storing the key elsewhere.

Change History (5)

comment:1 Changed 12 years ago by ezyang

  • Priority changed from normal to major
  • Type changed from defect to task

comment:2 Changed 11 years ago by adehnert

  • Description modified (diff)

comment:3 Changed 11 years ago by adehnert

  • Description modified (diff)

comment:4 Changed 11 years ago by adehnert

Current ~consensus is (2). If there are no objections in the next ~day, the key should be copied to each of the hosts.

comment:5 Changed 11 years ago by achernya

  • Resolution set to fixed
  • Status changed from new to closed

The signing key lives on the hosts.

Note: See TracTickets for help on using tickets.