Closed Bug 1311111 Opened 3 years ago Closed 3 years ago

please start landing docker-worker pubkeys in gpg repo

Categories

(Taskcluster :: Workers, defect)

defect
Not set

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: aki, Unassigned)

References

Details

The repo is here: https://github.com/mozilla-releng/cot-gpg-keys

Each PR will require at least the final commit to be signed by a valid key.  Signing each commit with a valid key is even better, but not currently required.

To add new committers, we'll have to allow for it in github, plus add the committer's gpg long keyid here https://github.com/mozilla-releng/cot-gpg-keys/blob/master/check_commit_signatures.py#L13 and the full pubkey here http://hg.mozilla.org/build/puppet/file/tip/modules/signing_scriptworker/files/git_pubkeys .

We need these gpg pubkeys for the decision, docker-image, and build docker worker AMIs.

We also need a process or convention to remove old, unused pubkeys once the AMIs are no longer used.
Component: Docker-Worker → Worker
Thank you!
This was merged. Feel free to either leave this bug open to track the process implementation, or resolve, since we have the first set of AMI pubkeys landed; whichever you prefer.
Blocks: 1317789
Currently guessing we want to close this out.
Please reopen if that's not the case.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Component: Worker → Workers
You need to log in before you can comment on or make changes to this bug.