Project

General

Profile

Actions

Issue #2245

open

Separate the gpg keys from the releases

Added by Denis 'GNUtoo' Carikli over 3 years ago. Updated over 3 years ago.

Status:
New
Priority:
Normal
Category:
-
Target version:
Start date:
04/29/2021
Due date:
% Done:

0%

Estimated time:
Resolution:
Device:
Not device specific
Grant:
Type of work:
Build system integration, System administration
Actions #1

Updated by Denis 'GNUtoo' Carikli over 3 years ago

Several developers involved in releases (at least me and Wolfgang) use gpg keys that do expire from time to time.

This means that before the key expires, we have to update it and send the updated key to key servers.

As the keys are published as part of the releases, at some point they become expired.

So we probably need to separate the keys from the releases.

We already had the issue once with the 0003 images: https://ftp.osuosl.org/pub/replicant/images/replicant-6.0/0003-update/security/README.txt but we will have it way more often and it would be a good idea not to have to update each releases keys in this way but do only in once and regularly.

Actions

Also available in: Atom PDF