[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-dev
Subject:    [gentoo-dev] Gentoo sync mirror commits are now OpenPGP-signed
From:       Michał_Górny <mgorny () gentoo ! org>
Date:       2018-01-27 14:21:45
Message-ID: 1517062905.3816.10.camel () gentoo ! org
[Download RAW message or body]

Hi, everyone.

Just a quick announcement: I have enabled experimental signatures
on gentoo-mirror commits for gentoo.git. The server now verifies
developer signatures from gentoo.git (using fingerprints from LDAP)
and if everything looks fine pushes a signed mirror commit.

$ git log --show-signature -1 | cat
commit ec25012d1f9e8c795d8822810970127b13adf2c1
gpg: Signature made Sat Jan 27 14:48:54 2018 CET
gpg:                using RSA key F265B6A01DEF32748C6184C79FA394EB86CB7342
gpg: Good signature from "Repository Mirror & CI project (automated signing key) \
                <repo-qa-checks@gentoo.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: C5DF ACC4 F05D 47E4 383C  E4C2 403B C085 18DA F97B
     Subkey fingerprint: F265 B6A0 1DEF 3274 8C61  84C7 9FA3 94EB 86CB 7342
Author: Repository QA checks <repo-qa-checks@gentoo.org>
Date:   Sat Jan 27 14:48:54 2018

    2018-01-27 13:48:53 UTC


The appropriate public key has been pushed to SKS keyservers.
The current fingerprints can be found on the project page [1]. I will
work on Portage integration later on.

[1]:https://wiki.gentoo.org/wiki/Project:Repository_mirror_and_CI

-- 
Best regards,
Michał Górny


[prev in list] [next in list] [prev in thread] [next in thread]