Opened 13 years ago
Closed 12 years ago
#221 closed task (fixed)
Put the apt repo signing key somewhere reasonable
Reported by: | adehnert | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | internals | Keywords: | |
Cc: |
Description (last modified by adehnert)
At the moment, achernya has the apt repo signing key on his laptop. We should put it somewhere more useful.
See discussion 2011-09-09 on -c scripts -i apt.
- Stick it in the locker
- Unencrypted (protected by AFS ACLs to scripts-root)
- Encrypted to maintainer's keys
- Stick it on the hosts
- Stick it on the Fedora guests
- Stick it on some build VM or server
- scripts-owned hardware in SMR
- Shared (eg, zulu/magrathea)
- Something else
- Have each maintainer store it themselves
(3) is a bit silly. Other than that, I think they were all vaguely acceptable. One concern is whether a signed repo with a leaked key is worse than an unsigned repo (if it isn't, then being insecure is vaguely okay). (4) should ideally avoid having a single un-backed-up VM that needs to not vanish, by storing the key elsewhere.
Change History (5)
comment:1 Changed 13 years ago by ezyang
- Priority changed from normal to major
- Type changed from defect to task
comment:2 Changed 12 years ago by adehnert
- Description modified (diff)
comment:3 Changed 12 years ago by adehnert
- Description modified (diff)
comment:4 Changed 12 years ago by adehnert
comment:5 Changed 12 years ago by achernya
- Resolution set to fixed
- Status changed from new to closed
The signing key lives on the hosts.
Note: See
TracTickets for help on using
tickets.
Current ~consensus is (2). If there are no objections in the next ~day, the key should be copied to each of the hosts.