From feab8a68eb69971bf594dcc0fd10923b4064eef2 Mon Sep 17 00:00:00 2001 From: Levente Polyak Date: Thu, 29 Apr 2021 19:37:44 +0200 Subject: [PATCH] doc: split and add checks to issue templates according to responsibilities Signed-off-by: Levente Polyak --- .gitlab/issue_templates/New Main Key.md | 22 +++++++++++++++++++-- .gitlab/issue_templates/New Packager Key.md | 15 ++++++++++++++ 2 files changed, 35 insertions(+), 2 deletions(-) diff --git a/.gitlab/issue_templates/New Main Key.md b/.gitlab/issue_templates/New Main Key.md index 56d674b..a322eee 100644 --- a/.gitlab/issue_templates/New Main Key.md +++ b/.gitlab/issue_templates/New Main Key.md @@ -26,11 +26,29 @@ https://www.gnupg.org/gph/en/manual/x135.html ## Checks +### New key owner + - [ ] The [workflow for adding a new main key](https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/wikis/workflows/add-a-new-main-key) has been followed +- [ ] The key pair has been validated according to the [best + practices](https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/wikis/best-practices#validating-a-key-pair) - [ ] The data in the [Details](#details) section is attached to this issue as a clearsigned document -- [ ] The revocation certificate holder verified the revocation certificate as - working in a comment to this issue +- [ ] The revocation certificate has been sent in an encrypted message to the + revocation certificate holder - [ ] The public key has been uploaded to the SKS infrastructure + +### Keyring maintainer + +- [ ] The key pair has been validated according to the [best + practices](https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/wikis/best-practices#validating-a-key-pair) +- [ ] The data in the [Details](#details) section is correct and signed with a + valid and trusted packager key, which is part of `pacman-key` + +### Revocation Certificate Holder + +- [ ] The revocation certificate has been [verified + as working](https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/wikis/workflows/verify-a-revocation-certificate) + and confirmed in a comment to this issue +- [ ] The revocation certificate has been backed up in a dedicated encrypted backup storage diff --git a/.gitlab/issue_templates/New Packager Key.md b/.gitlab/issue_templates/New Packager Key.md index f688d6c..876e4bd 100644 --- a/.gitlab/issue_templates/New Packager Key.md +++ b/.gitlab/issue_templates/New Packager Key.md @@ -33,10 +33,25 @@ needs to do the signature. ## Checks +### New key owner + - [ ] The [workflow for adding a new packager key](https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/wikis/workflows/add-a-new-packager-key) has been followed +- [ ] The key pair contains one user ID with a valid `@archlinux.org` email address + used for signing +- [ ] The key pair has been validated according to the [best + practices](https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/wikis/best-practices#validating-a-key-pair) - [ ] The data in the [Details](#details) section is attached to this issue as a clearsigned document - [ ] The public key has been uploaded to the SKS infrastructure - [ ] The public key has been signed by at least three valid main keys + +### Keyring maintainer + +- [ ] The key pair contains one user ID with a valid `@archlinux.org` email address + used for signing +- [ ] The key pair has been validated according to the [best + practices](https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/wikis/best-practices#validating-a-key-pair) +- [ ] The data in the [Details](#details) section is correct and signed with a + valid and trusted packager key, which is part of `pacman-key`