33fe23aecf
The MIT keyserver is frequently unavailable for uploads so it no longer make sense to block new keys based on its availability. Once we have main-key signing tooling built into `keyringctl` this requirement will no longer be necessary since the tooling will be able to be run from branches already containing the necessary keys. Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
3.0 KiB
3.0 KiB
/assign @archlinux/teams/main-key-holders /label ~"new main key" /title New main key of
Add a new main key
Details
- Username:
- PGP key ID:
- Revocation Certificate Holder:
Checks
NOTE: The below check boxes must be checked before the accompanying merge request to add the new main key can be merged.
Owner of new key
- The workflow for adding a new main key has been followed
- The key pair has been validated according to the best practices
- The data in the Details section is attached to this issue as a clearsigned document
- The revocation certificate has been sent in an encrypted message to the revocation certificate holder
- The public key has been uploaded to the
keyserver.ubuntu.comandkeys.openpgp.orgkeyservers, and thearchlinux.orgUID has been verified on thekeys.openpgp.orgkeyserver. Optionally the key can also be uploaded to thepgp.mit.edukeyserver, but this is no longer mandatory as it's frequently flaky. - A merge request to add the new public key has been created
Revocation Certificate Holder
- The revocation certificate has been verified as working and confirmed in a comment to this issue
- The revocation certificate has been backed up on a dedicated encrypted backup storage medium
Main key holders
- The data in the Details section is correct and signed with a
valid and trusted packager key, which is already part of
archlinux-keyring