[openstack-dev] Fwd: [Openstack-devel] PGP key signing party during the HK summit
Jeremy Stanley
fungi at yuggoth.org
Fri Sep 20 17:57:58 UTC 2013
On 2013-09-20 10:47:10 -0700 (-0700), Clint Byrum wrote:
[...]
> Also if we are auto-signing anything, the infra team can sign the
> key for the auto-signer, so we can also secure any mirrored copies of
> automatically built artifcats against server side tampering.
Yes, and to that end I've done a little brainstorming in updates to
https://launchpad.net/bugs/1118469 for a phased approach to possibly
implementing some of these improvements on the infra/release
automation side of things.
--
Jeremy Stanley
More information about the OpenStack-dev
mailing list