Page MenuHomePhabricator
Create Task
Maniphest T150696

GPG Sign git tags
Closed, ResolvedPublic
Actions

Description

We should sign release tags with the release engineer's gpg key.

Event Timeline

mmodell created this task.Nov 14 2016, 9:04 PM
Restricted Application added subscribers: TerraCodes, Aklapper. · View Herald TranscriptNov 14 2016, 9:04 PM
demon moved this task from Needs triage to Experiments on the Scap board.Dec 8 2016, 1:55 AM
thcipriani triaged this task as Medium priority.Feb 10 2017, 6:11 PM

I did this for 1 release and then haven't done it since. I think I need to update some gbp config to support requiring this as well.

demon added a comment.Feb 10 2017, 6:24 PM

Something like this?

keyid = <FOO>
sign-tags = 1

Question is what key do we sign this with? Should we have a shared key that deployers can access? I'm thinking something like keyholder but for gpg instead of ssh.

Paladox moved this task from To Triage to Misc on the Phabricator board.Feb 17 2017, 4:58 PM
mmodell closed this task as Resolved.Feb 1 2018, 12:08 AM
mmodell claimed this task.

I think signing with our individual keys is good enough.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits