Opened 5 months ago
Last modified 4 months ago
#2968 assigned task
move to new signing keys
| Reported by: | Antoine Martin | Owned by: | Antoine Martin |
|---|---|---|---|
| Priority: | major | Milestone: | 4.2 |
| Component: | external | Version: | 3.0.x |
| Keywords: | Cc: |
Description
Instead of signing the packages with my personal key, create a new one (stronger too) for the project and ensure that other trusted developers can take it over if needed.
(and store it on a hardware token to keep it safe)
The difficult part is going to be the transition, as packages can only be signed by a single key.
New packages could just add the new signing key to the system (ie: rpm --import) and eventually (6 months?) we can switch over to the new key without causing too many problems?
Change History (2)
comment:1 Changed 5 months ago by
| Status: | new → assigned |
|---|
comment:2 Changed 4 months ago by
this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/2968
Note: See
TracTickets for help on using
tickets.
copyleft 2010 - 2021
(doing this ticket only after #2967)
Links: