Bug 497690: Renew GPG key before it expires
Status: RESOLVED FIXED (Opened 16 years ago, Closed 16 years ago)
Categories: Release Engineering :: General, defect, P2
Tracking: Not tracked
People: Reporter: joduinn, Assigned: joduinn
Attachments: 1 file (3.73 KB, text/plain), nthomas: checked-in+
During FF3.0.11 release, catlee noticed this GPG key will expire in July (16th?). We need to renew the key before it expires.
Comment 1 (Assignee) • 16 years ago
Got sidetracked with FF3.5.0 and Q2/Q3 goals. Suddenly it's now 08july. Bumping priority.
Priority: -- → P2
Comment 2 (Assignee) • 16 years ago
Found bug#377781, where I did this two years ago, last time the key expired.
Comment 3 • 16 years ago
FYI:
According to http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/3.5.1-candidates/build1/KEY, it does expire on the 16th.
I just finished signing 3.5.1 so we made the cutoff there.
Comment 4 (Assignee) • 16 years ago
(In reply to comment #3)
> FYI:
> According to
> http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/3.5.1-candidates/build1/KEY,
> it does expire on the 16th.
>
> I just finished signing 3.5.1 so we made the cut off there
....so we *just* made the cutoff! Phew! Thanks Ben.
Comment 5 (Assignee) • 16 years ago
dveditz and I looked over this together in person, but posting here for the record.
Comment 6 (Assignee) • 16 years ago
New private key now on signing machine, Lukas is trying it now. Stay tuned.
Meanwhile, should I checkin this new public key into the repo, just like we did for bug#377781? Or has this now moved to a new hg-based location?
Comment 7 • 16 years ago
(In reply to comment #6)
> [...]
> Meanwhile, should I checkin this new public key into the repo, just like we did
> for bug#377781? Or has this now moved to a new hg-based location?
That's a very good question, and one I am asking similarly for the new comm-central signing keys in bug 499709 comment #1. Any insight/opinions would be most welcome as to where would a good place be to stick these trusted public keys.
Comment 8 (Assignee) • 16 years ago
nthomas did an additional manual test, which looks good too:
-bash-3.00$ gpg --verify firefox-3.0.12.tar.bz2.asc firefox-3.0.12.tar.bz2
gpg: Signature made Mon 20 Jul 2009 05:53:54 PM PDT using DSA key ID 17785FE8
gpg: Good signature from "Mozilla Software Releases <releases@mozilla.org>"
gpg: checking the trustdb
gpg: checking at depth 0 signed=1 ot(-/q/n/m/f/u)=0/0/0/0/0/3
gpg: checking at depth 1 signed=0 ot(-/q/n/m/f/u)=1/0/0/0/0/0
gpg: next trustdb check due at 2011-07-20
Comment 9 • 16 years ago
(In reply to comment #6)
> Meanwhile, should I checkin this new public key into the repo, just like we did
> for bug#377781? Or has this now moved to a new hg-based location?
CVS mofo is still the right place for this.
Updated • 16 years ago
Attachment #389589 - Flags: checked-in+
Comment 10 • 16 years ago
Comment on attachment 389589: new public key with added header text
Updated the public key in the mofo repo.
Comment 11 (Assignee) • 16 years ago
We used this new key on FF3.0.12, which we shipped yesterday. Now tidying up bugs.
Posted renewed public key, and verified, on:
pgp.mit.edu
pgpkeys.mit.edu
Skipped the following keymasters because of errors:
keyserver.veridis.com redirects to keyserver.veridis.com:11371/disabled.jsp.
wwwkeys.pgp.net redirects to http://wwwkeys.pgp.net/apache2-default.
That's it for another 2 years, so closing.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Updated • 12 years ago
Product: mozilla.org → Release Engineering
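
An added example (not part of this bug or of Mozilla's release tooling): a shell check that reports signing keys that are expired or close to expiry, so a renewal like the one tracked here can be scheduled ahead of a release. It assumes GnuPG 2.x colon-format listings, where field 7 of a "pub" record is the expiry in epoch seconds; the function name, key IDs and sample listing are constructed.

```shell
#!/usr/bin/env bash
# Added example: report primary keys that are expired or expire soon.
# Input: output of `gpg --with-colons --list-keys` (assumed GnuPG 2.x format):
#   field 1 = record type, field 5 = key ID,
#   field 7 = expiry in epoch seconds (empty means the key never expires).
# Only "pub" (primary key) records are checked; subkeys ("sub") are ignored.

# keys_expiring_within DAYS NOW_EPOCH   (colon records on stdin)
# Prints "KEYID STATUS DAYS_LEFT" for every primary key that is already
# expired or that expires within DAYS of NOW_EPOCH. Prints nothing otherwise.
keys_expiring_within() {
  awk -F: -v days="$1" -v now="$2" '
    $1 == "pub" && $7 != "" {
      expiry = $7 + 0
      left = int((expiry - now) / 86400)   # whole days, truncated toward zero
      if (expiry <= now + 0)   print $5, "EXPIRED", left
      else if (left <= days)   print $5, "EXPIRING", left
    }
  '
}

# Constructed sample listing (not real keys):
#   AAAA0001 expires 2009-07-16 UTC, BBBB0002 expires in 2017,
#   CCCC0003 has no expiry, DDDD0004 expired in 2008.
SAMPLE_KEYS='pub:u:1024:17:00000000AAAA0001:1184544000:1247702400::u:::scESC:
uid:u::::1184544000::CONSTRUCTEDHASH::Example Releases <releases@example.org>:
pub:u:4096:1:00000000BBBB0002:1184544000:1500000000::u:::scESC:
pub:u:4096:1:00000000CCCC0003:1184544000:::u:::scESC:
pub:e:1024:17:00000000DDDD0004:1100000000:1200000000::u:::sc:'

# Replay against the sample as of 2009-07-08 00:00 UTC with a 30-day window.
printf '%s\n' "$SAMPLE_KEYS" | keys_expiring_within 30 1247011200

# Live use (e.g. from cron, alert if the output is non-empty):
#   gpg --with-colons --list-keys | keys_expiring_within 30 "$(date +%s)"
```
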