Project

General

Profile

Feature #8222

Transition to a new signing key

Added by intrigeri over 5 years ago. Updated about 5 years ago.

Status:
Resolved
Priority:
Elevated
Assignee:
-
Category:
-
Target version:
Start date:
11/05/2014
Due date:
01/15/2015
% Done:

100%

Feature Branch:
Type of work:
Sysadmin
Blueprint:
Starter:
Affected tool:

Description

We decided during the summit 2014 to generate a new one once the switch to smartcards is done. After the switch we'll split this new key again.


Subtasks

Feature #8739: Transition to a new signing key, phase 1Resolved

Feature #8729: Have the new signing key certified by people in the Debian keyringResolvedintrigeri

Feature #8731: Have both our new and old signing keys in the ISO and the user's keyringResolvedintrigeri

Feature #8738: Adjust code that hardcodes our old signing keyResolvedintrigeri

Feature #8732: Have Tails Upgrader trust both the old and new signing keysResolvedintrigeri

Feature #8740: Transition to a new signing key, phase 2Resolved

Feature #8730: Publish a transition statement for our signing keyResolved

Feature #8734: Update all documentation to trust our new signing keyResolved

Feature #8735: Stop shipping our old signing key in the ISOResolvedintrigeri

Feature #8736: Have Tails Upgrader stop trusting the old signing keyResolvedintrigeri

Feature #8769: Document how to migrate from trusting the old key to trusting the new keyResolved

Feature #8882: Adjust code that hardcodes our old signing key, take 2Resolvedintrigeri

History

#2 Updated by intrigeri over 5 years ago

  • Type of work changed from Code to Sysadmin

#5 Updated by sajolida over 5 years ago

Can you explain a bit the rationale behind this? What are the reasons behind this change of signing key?

#6 Updated by intrigeri over 5 years ago

sajolida wrote:

Can you explain a bit the rationale behind this? What are the reasons behind this change of signing key?

I'm merely converting summit decisions into tickets. See notes/signing_key_split.mdwn in the summit-2014 Git repo. The idea is that once we have safer practices to store and use our signing key, we should drop the old one that was used less safely.

#7 Updated by sajolida over 5 years ago

  • Description updated (diff)

#8 Updated by intrigeri about 5 years ago

  • Subject changed from Generate a new signing key to Transition to a new signing key

#12 Updated by intrigeri about 5 years ago

  • Target version set to Tails_1.3.2

#13 Updated by intrigeri about 5 years ago

  • Private changed from Yes to No

#14 Updated by intrigeri about 5 years ago

  • Status changed from Confirmed to In Progress
  • Assignee changed from intrigeri to sajolida

(All remaining subtasks are on sajolida's plate.)

#15 Updated by sajolida about 5 years ago

  • Status changed from In Progress to 11
  • Assignee deleted (sajolida)

#16 Updated by BitingBird about 5 years ago

  • Target version changed from Tails_1.3.2 to Tails_1.3.1

#17 Updated by BitingBird about 5 years ago

  • Status changed from 11 to Resolved

Also available in: Atom PDF