Merge lp:~xnox/ubuntu-archive-publishing/migrate-dist-upgrade-to-4k into lp:ubuntu-archive-publishing
| Status: | Merged |
|---|---|
| Merged at revision: | 91 |
| Proposed branch: | lp:~xnox/ubuntu-archive-publishing/migrate-dist-upgrade-to-4k |
| Merge into: | lp:ubuntu-archive-publishing |
| Diff against target: | 47 lines (+14/-19), 1 file modified: publish-distro.d/10-sign-releases (+14/-19) |
| To merge this branch: | bzr merge lp:~xnox/ubuntu-archive-publishing/migrate-dist-upgrade-to-4k |
| Related bugs: |

| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Adam Conrad | | 2016-11-17 | Pending |
| Brian M Murray | | 2016-11-17 | Pending |
| Steve Langasek | | 2016-11-17 | Pending |
| Ubuntu Package Archive Administrators | | 2016-11-17 | Pending |
Description of the Change
* Use full fingerprints throughout for signing
* Migrated utopic..yakkety upgrade tarballs to a single 4k key
- 92. By Dimitri John Ledkov on 2016-11-18

  Drop digest specification, for single key sigs, use key's preferred default.
| Steve Langasek (vorlon) wrote : | # |
| Adam Conrad (adconrad) wrote : | # |
> I'm not sure which is the more obvious place for us to enforce this.
I think the more transparent place to enforce it is in the code. Maybe the keys in the keyring should have better defaults, but if we want a specific digest, we should be explicit about that in the code, not implicitly hope that the keyring has it set how we want (even if/when it does).
| Steve Langasek (vorlon) wrote : | # |
On Mon, Nov 21, 2016 at 04:47:59PM -0000, Adam Conrad wrote:
> > I'm not sure which is the more obvious place for us to enforce this.
> I think the more transparent place to enforce it is in the code. Maybe
> the keys in the keyring should have better defaults, but if we want a
> specific digest, we should be explicit about that in the code, not
> implicitly hope that the keyring has it set how we want (even if/when it
> does).
Ok, then Dimitri should revert the last change and we should land this :)
- 93. By Dimitri John Ledkov on 2016-11-25

  Encode digest-algo in the code, update comments for consistency and clarity.
- 94. By Dimitri John Ledkov on 2016-11-25

  Merge trunk
| Dimitri John Ledkov (xnox) wrote : | # |
Encoded all ubuntu) digests into the command lines, and updated comments to match that we are encoding digests in the code from now on.
Hopefully, the transition to 8k key with SHA-3 digest algo will go more smoothly.
| Dimitri John Ledkov (xnox) wrote : | # |
Could this please be merged, and dist-upgrade tarballs: xenial, yakkety and zesty resigned?
| Brian Murray (brian-murray) wrote : | # |
We decided, in #ubuntu-release, that I'd reupload ubuntu-

On Fri, Nov 18, 2016 at 02:34:35PM -0000, Dimitri John Ledkov wrote:
> I have no way to check the key preferences. I assume they are sane.
> Removed the extra arg. Hopefully, we will soon transition to 8K keys and
> SHA3.
In fact, the current prefs on the key will *not* do what we want without
this argument:
Digest: SHA256, SHA1, SHA384, SHA512, SHA224
I wasn't asking you to drop this arg, now the branch is not in a state that
we can merge :) I was asking whether this was the way we want to do this
going forward or if we should fix the digest preferences on the key.
I'm not sure which is the more obvious place for us to enforce this.
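
The question debated in this thread (state the digest in the signing code, or rely on the key's preferences) can be checked after the fact, because every OpenPGP signature records the hash algorithm it was made with. The following is an added example, not part of the merge proposal or of ubuntu-archive-publishing; the function names, the constructed truncated sample packets and the `SHA512` policy value are assumptions.

```python
import base64

# Hash algorithm IDs from RFC 4880, section 9.4.
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}

# Constructed, truncated packets (headers only, not valid signatures).
SAMPLE_OLD_FMT_SHA512 = bytes([0x89, 0x02, 0x33, 0x04, 0x00, 0x01, 0x0A])
SAMPLE_NEW_FMT_SHA256 = bytes([0xC2, 0x5E, 0x04, 0x00, 0x01, 0x08])


def dearmor(data: bytes) -> bytes:
    """Decode ASCII armor; binary input is returned unchanged."""
    if not data.lstrip().startswith(b"-----BEGIN PGP"):
        return data
    lines = [ln.strip() for ln in data.strip().splitlines()]
    body = lines[lines.index(b"") + 1:-1]  # drop armor headers and END line
    # The line starting with "=" is the CRC-24 checksum, not payload.
    return base64.b64decode(b"".join(ln for ln in body if not ln.startswith(b"=")))


def signature_digest(data: bytes) -> str:
    """Name the digest recorded in the first packet, which must be a signature."""
    pkt = dearmor(data)
    if len(pkt) < 2 or not pkt[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if pkt[0] & 0x40:  # new-format header: tag in low 6 bits
        tag, first = pkt[0] & 0x3F, pkt[1]
        if 224 <= first < 255:
            raise ValueError("partial body lengths are not handled")
        hdr = 2 if first < 192 else 3 if first < 224 else 6
    else:  # old-format header: tag in bits 5-2, length type in bits 1-0
        tag = (pkt[0] >> 2) & 0x0F
        hdr = (2, 3, 5, 1)[pkt[0] & 0x03]
    if tag != 2:
        raise ValueError("first packet is not a signature packet")
    body = pkt[hdr:]
    # v4: version, sig type, pubkey algo, hash algo. v3: hash algo at offset 16.
    offset = {4: 3, 3: 16}.get(body[0] if body else None)
    if offset is None or len(body) <= offset:
        raise ValueError("unsupported version or truncated signature")
    return HASH_NAMES.get(body[offset], f"unknown({body[offset]})")


def meets_policy(data: bytes, required: str = "SHA512") -> bool:
    """True if the signature was made with the required digest (assumed policy)."""
    return signature_digest(data) == required
```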