Make use of MAR files with more than one signature
In #13379 (moved) we implemented the option to have signed MAR files. It would be good for a couple of reasons to have a system being able to work with more than one signature. This ticket is for addressing this issue.
Activity
Quoting comment:7:ticket:13379:
we may want to consider having two or three keys: one held by Georg, one by myself, and one on a dist server. Though this has downsides in that it would require Georg and I to always be available to sign builds.. I suppose we could instead share a builders key, and then have the second key live on a signing machine that other people can get access to in an emergency?Would it be smart to have a kind of a threshold system here instead, taking the burden off of us to be always available for signing (I still hope this happens for the reproducible builds itself too, one day)? We could then start with having Mike's key and mine and a third one (be it the general building key we are about to create or an other one) and with saying the update is okay iff two signatures are available and valid. We could even loosen the latter condition: we could have this threshold but still allow just one signature with an additional dialog explaining things given that most users are still verifying only the package signature. Not sure if that would be worth the effort though assuming we have at least two builders anyway which could then sign the MAR files, too...
-
Trac:
Description: In #13379 (moved) we implement the option to have signed MAR files. It would be good more a couple of reasons to not only have one key as the bottleneck. This ticket is for addressing this issue.to
In #13379 (moved) we implemented the option to have signed MAR files. It would be good for a couple of reasons to have a system being able to work with more than one signature. This ticket is for addressing this issue.
