Project

General

Profile

Issue #2245

Separate the gpg keys from the releases

Added by Denis 'GNUtoo' Carikli 5 months ago. Updated 5 months ago.

Status:
New
Priority:
Normal
Category:
-
Target version:
Start date:
04/29/2021
Due date:
% Done:

0%

Estimated time:
Resolution:
Device:
Not device specific
Grant:
Type of work:
Build system integration, System administration
#1

Updated by Denis 'GNUtoo' Carikli 5 months ago

Several developers involved in releases (at least me and Wolfgang) use gpg keys that do expire from time to time.

This means that before the key expires, we have to update it and send the updated key to key servers.

As the keys are published as part of the releases, at some point they become expired.

So we probably need to separate the keys from the releases.

We already had the issue once with the 0003 images: https://ftp.osuosl.org/pub/replicant/images/replicant-6.0/0003-update/security/README.txt but we will have it way more often and it would be a good idea not to have to update each releases keys in this way but do only in once and regularly.

Also available in: Atom PDF