Ian Jackson <ijack...@chiark.greenend.org.uk> writes:

> REJECTED ALTERNATIVE - ADDING THE KEY TO THE DD KEYRING
>
> One approach that would let tag2upload function correctly, would be
> adding the tag2upload service key to debian-keyring.gpg, as if it were
> a human uploading DD.

How about adding the tag2upload keys to a NEW keyring instead?

https://salsa.debian.org/debian-keyring/keyring/

I think tag2upload is a different enough mechanism that it could warrant an entire new class of keyring. By including it in the official debian keyring package, we get some historic accountability of which keys were used. You also get a way to phase in new keys and phase out old keys.

I suggest not putting it in the "debian-role-keys" but instead a new "debian-tag2upload-keys" keyring.

It seems like a sensible implementation approach to accept any key in that keyring as being a "tag2upload" key, rather than hard-coding particular key fingerprints in various configuration files or scripts.

/Simon