[SRU] Provide 2018 archive signing key on stable releases
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ubuntu-keyring (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
* For LTS releases to be able to bootstrap dual and single signed future releases, and validate all signatures, 2018 archive signing key should be SRUed back
* Also build process has improved documentation and vague validation that all key snippets are signed correctly
[Test Case]
* $ apt-key list
...
/etc/apt/
-------
pub rsa4096 2018-09-17 [SC]
F6EC B376 2474 EDA9 D21B 7022 8719 20D1 991B C93C
uid [ unknown] Ubuntu Archive Automatic Signing Key (2018) <email address hidden>
...
apt-key list should contain the 2018 archive key.
[Regression Potential]
* Build-process, key algo, and key size, and file format are the same as previous key snippets thus supported by all of gpg1 gpg2 gpgv1 gpgv2.
[Other Info]
* 2018 key is to be used for dual-signing in DD series and up
* Bileto PPA is built against security pocket only, suitable to be released into both -security and -updates
description: | updated |
information type: | Public → Public Security |
Changed in ubuntu-keyring (Ubuntu): | |
status: | New → Fix Released |
Changed in ubuntu-keyring (Ubuntu Bionic): | |
status: | New → In Progress |
Hello Dimitri, or anyone else affected,
Accepted ubuntu-keyring into bionic-proposed. The package will build now and be available at https:/ /launchpad. net/ubuntu/ +source/ ubuntu- keyring/ 2018.09. 18.1~18. 04.0 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification- needed- bionic to verification- done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed- bionic. In either case, without details of your testing we will not be able to proceed.
Further information regarding the verification process can be found at https:/ /wiki.ubuntu. com/QATeam/ PerformingSRUVe rification . Thank you in advance for helping!
N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.