please start landing docker-worker pubkeys in gpg repo

RESOLVED FIXED

Status

Taskcluster
Worker
RESOLVED FIXED
6 months ago
4 months ago

People

(Reporter: aki, Unassigned)

Tracking

Details

(Reporter)

Description

6 months ago
The repo is here: https://github.com/mozilla-releng/cot-gpg-keys

Each PR will require at least the final commit to be signed by a valid key.  Signing each commit with a valid key is even better, but not currently required.

To add new committers, we'll have to allow for it in github, plus add the committer's gpg long keyid here https://github.com/mozilla-releng/cot-gpg-keys/blob/master/check_commit_signatures.py#L13 and the full pubkey here http://hg.mozilla.org/build/puppet/file/tip/modules/signing_scriptworker/files/git_pubkeys .

We need these gpg pubkeys for the decision, docker-image, and build docker worker AMIs.

We also need a process or convention to remove old, unused pubkeys once the AMIs are no longer used.

Comment 1

6 months ago
First PR for docker-worker is here: https://github.com/mozilla-releng/cot-gpg-keys/pull/3

Updated

6 months ago
Component: Docker-Worker → Worker
(Reporter)

Comment 2

6 months ago
Thank you!
This was merged. Feel free to either leave this bug open to track the process implementation, or resolve, since we have the first set of AMI pubkeys landed; whichever you prefer.
(Reporter)

Updated

5 months ago
Blocks: 1317789
(Reporter)

Comment 3

4 months ago
Currently guessing we want to close this out.
Please reopen if that's not the case.
Status: NEW → RESOLVED
Last Resolved: 4 months ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.