[Touch-packages] [Bug 1798073] Re: [SRU] Provide 2018 archive signing key on stable releases

Mon, 19 Nov 2018 16:11:10 -0800 

Setting up ubuntu-keyring (2018.09.18.1~18.04.0) ...
# apt-key list
...
/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
------------------------------------------------------
pub   rsa4096 2018-09-17 [SC]
      F6EC B376 2474 EDA9 D21B  7022 8719 20D1 991B C93C
uid           [ unknown] Ubuntu Archive Automatic Signing Key (2018) 
<ftpmas...@ubuntu.com>


all is good for bionic. Prior releases should only probably ship this key in 
the ubuntu-keyring.gpg, but not as a trusted.gpg.d key snippet. As we do not 
anticipate to use 2018 key to sign the bionic archive.

** Tags removed: verification-needed verification-needed-bionic
** Tags added: verification-done verification-done-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-keyring in Ubuntu.
https://bugs.launchpad.net/bugs/1798073

Title:
  [SRU] Provide 2018 archive signing key on stable releases

Status in ubuntu-keyring package in Ubuntu:
  Fix Released
Status in ubuntu-keyring source package in Bionic:
  Fix Committed

Bug description:
  [Impact]

   * For LTS releases to be able to bootstrap dual and single signed
  future releases, and validate all signatures, 2018 archive signing key
  should be SRUed back

   * Also build process has improved documentation and vague validation
  that all key snippets are signed correctly

  [Test Case]

   * $ apt-key list
  ...
  /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
  ------------------------------------------------------
  pub   rsa4096 2018-09-17 [SC]
        F6EC B376 2474 EDA9 D21B  7022 8719 20D1 991B C93C
  uid           [ unknown] Ubuntu Archive Automatic Signing Key (2018) 
<ftpmas...@ubuntu.com>
  ...

  apt-key list should contain the 2018 archive key.

  [Regression Potential]

   * Build-process, key algo, and key size, and file format are the same
  as previous key snippets thus supported by all of gpg1 gpg2 gpgv1
  gpgv2.

  [Other Info]

   * 2018 key is to be used for dual-signing in DD series and up

   * Bileto PPA is built against security pocket only, suitable to be
  released into both -security and -updates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-keyring/+bug/1798073/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to