Closed
Bug 1185610
Opened 9 years ago
Closed 3 years ago
automated checks for key expiry dates
Categories
(Release Engineering :: Release Requests, defect, P3)
Release Engineering
Release Requests
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: bhearsum, Unassigned)
References
Details
Stemming out of bug 1139929, we need to make sure we never miss a key expiry again. We were lucky that it only impacted a Beta release and some nightlies this time, but we may not be as lucky next time.
Some ideas:
* Nagios checks against one (or all?) signing servers that check key expirations.
* Script that runs periodically on signing server and e-mails report of key expirations.
* Events added to a shared calendar that remind us to renew keys ahead of expiration.
* An added item to the release checklist that instructs us to check release key expiration dates whenever we do a Beta 1.
It might be useful to do more than one of these, particular the calendar or b1 checks in addition to nagios or a script.
Reporter | ||
Comment 1•9 years ago
|
||
(In reply to Ben Hearsum [:bhearsum] from comment #0)
> * An added item to the release checklist that instructs us to check release
> key expiration dates whenever we do a Beta 1.
As a start, I added this: https://wiki.mozilla.org/index.php?title=Releases%2FRelEngChecklist&diff=1086355&oldid=1081550
I don't have time to do anything else right now, but some sort of script or Nagios check would be really really good to have at some point.
Comment 2•9 years ago
|
||
Ben, there's a chance that the MOC might be able to help here. cc: Linda
Reporter | ||
Comment 3•9 years ago
|
||
(In reply to Jeff Bryner [:jeff] (use NEEDINFO) from comment #2)
> Ben, there's a chance that the MOC might be able to help here. cc: Linda
If you have anything, that would be awesome! Keep in mind that we're talking about code signing certs, though, not SSL.
Updated•8 years ago
|
Priority: -- → P3
Comment 4•7 years ago
|
||
Bulk change of QA Contact to :jlund, per https://bugzilla.mozilla.org/show_bug.cgi?id=1428483
QA Contact: rail → jlund
Comment 5•3 years ago
|
||
We've moved to a yearly audit model.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•