Bug 1311111 - please start landing docker-worker pubkeys in gpg repo
Status: RESOLVED FIXED
Product: Taskcluster
Classification: Other
Component: Worker
Assigned To: Nobody; OK to take it and work on it
Blocks: 1309293 1317789
Reported: 2016-10-18 11:19 PDT by Aki Sasaki [:aki]
Modified: 2016-12-19 14:47 PST


Description Aki Sasaki [:aki] 2016-10-18 11:19:47 PDT
The repo is here: https://github.com/mozilla-releng/cot-gpg-keys

Each PR will require at least the final commit to be signed by a valid key. Signing each commit with a valid key is even better, but not currently required.

To add new committers, we'll have to allow for it in GitHub, plus add the committer's gpg long keyid here https://github.com/mozilla-releng/cot-gpg-keys/blob/master/check_commit_signatures.py#L13 and the full pubkey here http://hg.mozilla.org/build/puppet/file/tip/modules/signing_scriptworker/files/git_pubkeys .

We need these gpg pubkeys for the decision, docker-image, and build docker worker AMIs.

We also need a process or convention to remove old, unused pubkeys once the AMIs are no longer used.
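
Added example, not code from this bug or from the cot-gpg-keys repository: a sketch of the policy described above, where the final commit of a PR must carry a good signature from an allowlisted long key ID, with an optional stricter mode that checks every commit. The key IDs, function names and sample log text are constructed for illustration; the input format assumes `git log --format='%H %G? %GK'`.

```python
import re

# Constructed placeholder long key IDs (16 hex digits); not real committer keys.
ALLOWED_LONG_KEYIDS = {"AAAAAAAAAAAAAAAA", "BBBBBBBBBBBBBBBB"}

# Input: one line per commit, newest first, from
#   git log --format='%H %G? %GK' <base>..<head>
# %G? is git's signature status letter, %GK the key that made the signature.
LINE_RE = re.compile(r"^([0-9a-f]{40}) ([A-Z])(?: ([0-9A-Fa-f]+))?$")

def parse_log(text):
    """Return [(sha, status, key)] in the order git printed them."""
    commits = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparseable log line: {line!r}")
        sha, status, key = m.groups()
        commits.append((sha, status, (key or "").upper()))
    return commits

def is_trusted(status, key, allowed):
    # Only "G" (good signature) passes. N (unsigned), B (bad), E (key missing),
    # U (unknown validity), X/Y (expired) and R (revoked key) are all rejected.
    # Assumption: a full fingerprint is reduced to its last 16 hex digits.
    return status == "G" and key[-16:] in allowed

def check_pr(text, allowed=ALLOWED_LONG_KEYIDS, require_all=False):
    """Check the final (newest) commit, or every commit if require_all."""
    commits = parse_log(text)
    if not commits:
        return False, ["no commits in range"]
    scope = commits if require_all else commits[:1]
    problems = [f"{sha[:12]}: status={status} key={key or '-'}"
                for sha, status, key in scope
                if not is_trusted(status, key, allowed)]
    return not problems, problems

# Constructed sample: signed final commit on top of an unsigned one.
SAMPLE = f"{'1' * 40} G AAAAAAAAAAAAAAAA\n{'2' * 40} N\n"

if __name__ == "__main__":
    print(check_pr(SAMPLE))                    # final commit only
    print(check_pr(SAMPLE, require_all=True))  # stricter: every commit
```

Rejecting status `U` means the verifying keyring must mark the allowlisted keys as trusted, so the check fails closed when a pubkey has been landed but not trusted.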
Comment 1 Greg Arndt [:garndt] 2016-10-28 09:59:59 PDT
First PR for docker-worker is here: https://github.com/mozilla-releng/cot-gpg-keys/pull/3
Comment 2 Aki Sasaki [:aki] 2016-10-29 00:48:32 PDT
Thank you!
This was merged. Feel free to either leave this bug open to track the process implementation, or resolve, since we have the first set of AMI pubkeys landed; whichever you prefer.
Comment 3 Aki Sasaki [:aki] 2016-12-19 14:47:13 PST
Currently guessing we want to close this out.
Please reopen if that's not the case.