FS#52363 - {archweb} Automate PGP keyring issues
Attached to Project:
Arch Linux
Opened by Jelle van der Waa (jelly) - Wednesday, 04 January 2017, 09:32 GMT
Last edited by Kristian (klausenbusk) - Monday, 05 June 2023, 17:42 GMT
Opened by Jelle van der Waa (jelly) - Wednesday, 04 January 2017, 09:32 GMT
Last edited by Kristian (klausenbusk) - Monday, 05 June 2023, 17:42 GMT
|
Details
Description:
When a Trusted User or Developer steps down, his key may be left in the archlinux-keyring package. There is no automation to revoke this key or update the keyring package, so there should be some automation in place to handle this :) Some scenario's which can be automated: * When a key is in the keyring but there is no archweb entry, report an issue. * When a fingerprint is registered in archweb but not in the keyring, report an issue * When a key is almost expired report an issue. The issues can be shown in archweb or mailed to a mailing list. |
This task depends upon
Closed by Kristian (klausenbusk)
Monday, 05 June 2023, 17:42 GMT
Reason for closing: Upstream
Additional comments about closing: Please report upstream if this is still relevant: https://github.com/archlinux/aurweb.
Monday, 05 June 2023, 17:42 GMT
Reason for closing: Upstream
Additional comments about closing: Please report upstream if this is still relevant: https://github.com/archlinux/aurweb.
I would like to utilize Arch-based distributions to run distributed services. But these strange keyring problems require manual research and bugfixing every once in a while.
Are there any ideas how to prevent the keyring problem?
Who / What task is causing these kind of problems?