Hi,

Am Fr., 27. März 2020 um 10:15 Uhr schrieb Gris Ge <fge@redhat.com>:

Hi Guys,

Currently, only only GPG key of Edward Haas is used for signing
release tarball and tag:

F7910D93CA83D77348595C0E899014C0463C12BB

I would like to propose these GPG key could also be used for release:
* Gris Ge <fge@redhat.com> F1FD57B2A5E9C8DB618086C66CCDE58FE41E28FF
* Till Maas <till@redhat.com> Unknown yet

sounds good. My key's fingerprint is: 18A0 E3D6 A361 94E0 A6F2 C5F0 6A3A 10B3 1C10 9517

To enforce that, a gpg public key file contains 3 above public keys
will be stored at git repo as `nmstate/signing.gpg` and
`https://nmstate.io/signing.gpg`.

For user, they could just:

curl https://nmstate.io/signing.gpg | gpg --import

It is also possible to get the keys from a keyserver by specifying the fingerprint:

gpg2 --recv-keys "18A0 E3D6 A361 94E0 A6F2 C5F0 6A3A 10B3 1C10 9517"

# This need a fix as `nmstate.io` DNS config is incorrect.

Any comments or suggestions would be appreciated.

Will think about this, just wanted to unblock you by sharing my key's fingerprint.

Thanks

Till

Till Maas
He/His/Him
Associate Manager, Software Engineering
NetworkManager, Nmstate, Ansible RHEL Networking System Role

Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Laurie Krebs, Michael O'Neill, Thomas Savage