id summary reporter owner description type status priority milestone component resolution keywords cc
221 Put the apt repo signing key somewhere reasonable adehnert "At the moment, achernya has the apt repo signing key on his laptop. We should put it somewhere more useful. See discussion 2011-09-09 on -c scripts -i apt.

 1. Stick it in the locker
   a. Unencrypted (protected by AFS ACLs to scripts-root)
   b. Encrypted to maintainer's keys
 2. Stick it on the hosts
 3. Stick it on the Fedora guests
 4. Stick it on some build VM or server
   a. scripts-owned hardware in SMR
   b. Shared (eg, zulu/magrathea)
 5. Something else
 6. Have each maintainer store it themselves

(3) is a bit silly. Other than that, I think they were all vaguely acceptable.

One concern is whether a signed repo with a leaked key is worse than an unsigned repo (if it isn't, then being insecure is vaguely okay).

(4) should ideally avoid having a single un-backed-up VM that needs to not vanish, by storing the key elsewhere." task closed major internals fixed