[openstack-dev] [release][infra][all] Signing Keys for Ocata Release

Davanum Srinivas davanum at gmail.com
Fri Dec 16 16:00:30 UTC 2016


Folks,

you may have noticed the releases.openstack.org now shows the PGP
signatures of all release artifacts, example:
https://releases.openstack.org/ocata/index.html#ocata-nova

Many thanks to the Infra team to making this happen, details are here:
https://releases.openstack.org/#cryptographic-signatures
https://specs.openstack.org/openstack-infra/infra-specs/specs/artifact-signing.html
http://docs.openstack.org/infra/system-config/signing.html

Please see the key below for Ocata named "OpenStack Infra (Ocata
Cycle)", this key will be used for all artifacts and git tags as well:
https://sks-keyservers.net/pks/lookup?op=vindex&search=0xd47bab1b7dc2e262a4f6171e8b1b03fd54e2ac07&fingerprint=on

The Infra Root admins have already signed the key (they are the only
ones with direct access to the private key to attest). Hoping to see
some of the PTL(s) and Release Liaison(s) sign this key as well if
they trust the Infra Root admins :)

Of course anyone in the OpenStack eco system is welcome to sign the
key as well. If you run into trouble, please ping us on the release or
the infra channels.

Thanks,
Dims and Jeremy
(On behalf of Infra and Release teams)


-- 
Davanum Srinivas :: https://twitter.com/dims



More information about the OpenStack-dev mailing list