Closed Bug 1303851 Opened 8 years ago Closed 2 years ago

Warn if HPKP list is going to expire soon

Categories

(Release Engineering :: Applications: Shipit, defect, P3)

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: catlee, Unassigned)

Shipit should warn release management if the HPKP list is going to expire soon.

On Beta, that means we should warn if the expiry is less than 60 days out.
We can probably add a sanity check which injects a warning into the relman email.
Priority: -- → P2
Priority: P2 → P3
We currently have 'HPKP Expiration' checks for Beta, ESR [1], Nightly, and Release, via check_hkpk_expiry (see IT puppet). They're set up with a 30 day threshold for warning, and 14 days for critical, for all branches.

[1] depends on FIREFOX_ESR in https://product-details.mozilla.org/1.0/firefox_versions.json

Sigh, those are Nagios checks, currently in scl3 but moving somewhere in bug 1484880.
Component: Applications: ShipIt (backend) → Applications: ShipIt

Is this still a worry for Relman? Or do we have mitigations in place?

Flags: needinfo?(ryanvm)

It's theoretically still an issue, but twice-weekly automated bumps and a 4 week cycle have all but eliminated the possibility of hitting it in practice.

Status: NEW → RESOLVED
Closed: 2 years ago
Flags: needinfo?(ryanvm)
Resolution: --- → WORKSFORME
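
Added example (not part of the bug thread, and not the check_hkpk_expiry script it mentions): a Nagios-style expiry check using the 30 day warning and 14 day critical thresholds described above, with the thresholds as parameters so the 60 day Beta warning from the original report can be applied too. It assumes the pin list's expiry is the `kPreloadPKPinsExpirationTime` PRTime constant (microseconds since the Unix epoch) in a generated header; the function names and the sample header line are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Nagios plugin exit-code convention.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3

# Assumption: expiry is a PRTime constant (microseconds since the Unix
# epoch) in a generated C header such as Firefox's StaticHPKPins.h.
EXPIRY_RE = re.compile(
    r"kPreloadPKPinsExpirationTime\s*=\s*INT64_C\((\d+)\)")

# Constructed sample input, not copied from a real tree.
SAMPLE_HEADER = """\
static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1700000000000000);
"""


def parse_expiry(header_text):
    """Return the expiry as an aware UTC datetime, or None if not found."""
    m = EXPIRY_RE.search(header_text)
    if m is None:
        return None
    return datetime.fromtimestamp(int(m.group(1)) / 1_000_000, tz=timezone.utc)


def check_expiry(header_text, now, warn_days=30, crit_days=14):
    """Map the days remaining to a (status, message) pair."""
    expiry = parse_expiry(header_text)
    if expiry is None:
        # A missing constant must not pass silently as OK.
        return UNKNOWN, "UNKNOWN: expiry constant not found"
    days_left = (expiry - now) / timedelta(days=1)
    if days_left <= 0:
        return CRITICAL, f"CRITICAL: pin list expired {-days_left:.1f} days ago"
    if days_left < crit_days:
        return CRITICAL, f"CRITICAL: pin list expires in {days_left:.1f} days"
    if days_left < warn_days:
        return WARNING, f"WARNING: pin list expires in {days_left:.1f} days"
    return OK, f"OK: pin list expires in {days_left:.1f} days"


if __name__ == "__main__":
    import sys
    status, message = check_expiry(SAMPLE_HEADER, datetime.now(timezone.utc))
    print(message)
    sys.exit(status)
```

Calling `check_expiry(..., warn_days=60)` gives the Beta behaviour proposed in the report.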