Hi,
Am Fr., 27. März 2020 um 10:15 Uhr schrieb Gris Ge <fge(a)redhat.com>:
Hi Guys,
Currently, only only GPG key of Edward Haas is used for signing
release tarball and tag:
F7910D93CA83D77348595C0E899014C0463C12BB
I would like to propose these GPG key could also be used for release:
* Gris Ge <fge(a)redhat.com> F1FD57B2A5E9C8DB618086C66CCDE58FE41E28FF
* Till Maas <till(a)redhat.com> Unknown yet
sounds good. My key's fingerprint is: 18A0 E3D6 A361 94E0 A6F2 C5F0 6A3A
10B3 1C10 9517
To enforce that, a gpg public key file contains 3 above public keys
will be stored at git repo as `nmstate/signing.gpg` and
`https://nmstate.io/signing.gpg` <
https://nmstate.io/signing.gpg>.
For user, they could just:
curl
https://nmstate.io/signing.gpg | gpg --import
It is also possible to get the keys from a keyserver by specifying the
fingerprint:
gpg2 --recv-keys "18A0 E3D6 A361 94E0 A6F2 C5F0 6A3A 10B3 1C10 9517"
# This need a fix as `nmstate.io` DNS config is incorrect.
Any comments or suggestions would be appreciated.
Will think about this, just wanted to unblock you by sharing my
key's fingerprint.
Thanks
Till
--
Till Maas
He/His/Him
Associate Manager, Software Engineering
NetworkManager, Nmstate, Ansible RHEL Networking System Role
Red Hat GmbH,
http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Laurie Krebs, Michael O'Neill, Thomas
Savage