Feature #6193
Sign published artifacts checksums
Start date:
2013-09-09
Due date:
% Done:
100%
Description
We might want to provide a way to verify the jenkins autobuild isos published on nightly.t.b.o. That way we can have people safely downloading an trying them.
Point is that we can’t use our main pgp signing key for this task, as it will be used on a remote server.
We might end on using a signing subkey or more likely to manage a new secret key, signed by our main one.
Subtasks
Feature #6266: Add an OpenPGP key on builder.lizard to sign Jenkins artifacts | Resolved | 0 |
|||
Feature #6267: Add checksum signing ability to the Tails build script | Resolved | 0 |
|||
Feature #6268: Adapt the Jenkins artifacts rotation script | Resolved | 0 |
History
#1 Updated by intrigeri 2013-10-03 06:54:32
- Status changed from Confirmed to Fix committed
- Assignee deleted (
bertagaz)
#2 Updated by intrigeri 2013-10-29 11:12:14
- Status changed from Fix committed to Resolved
#3 Updated by intrigeri 2014-03-06 20:51:02
- Category changed from 171 to Infrastructure