Proposed key signing statement

Sorry for not getting this out earlier...

What I'd propose we do for the 4.0 release is keep things simple. We use the LSB Master Key to sign an LSB 2008-2009 Key which expires on 12/31/2009. The 2008-2009 Key signs an LSB 4.0 Release Key which we use to sign the Beta and Official Releases, and an LSB Daily Build Key.

The LSB 2008-2009 Key will be stored off-line, and encrypted by a pass key that will be known only by two people. A paper copy of the passphrase will be stored in a sealed envelope at the Linux Foundation headquarters in San Francisco.

The LSB 4.0 Release Key will be known by those folks who need to sign the LSB Beta, Official, and Update releases, and it may be temporarily stored (encrypted) on-line on LF servers while a release is being prepared; other times, it should be stored off-line.

The LSB Daily Build Key may be stored in an unencrypted form, readable only by root, on the LSB build systems.

Comments?

- Ted

Proposed key signing statement
Submitted by Wichmann Mats D on Tue, 10/14/2008 - 17:00.

> The LSB Daily Build Key may be stored in an unencrypted form, readable
> only by root, on the LSB build systems.

that makes it unusable by the autobuild user account that
will prepare the packages, as it will definitely never
be given superuser privileges.

Proposed key signing statement
Submitted by licquia on Mon, 10/13/2008 - 20:45.

Theodore Ts'o wrote:
> Comments?

Makes a lot of sense to me. How should we go about implementing it?

Copyright © 2008 Linux Foundation. All rights reserved.
LSB is a trademark of the Linux Foundation. Linux is a registered trademark of Linus Torvalds