Hi, everyone.
Just a quick announcement: I have enabled experimental signatures
on gentoo-mirror commits for gentoo.git. The server now verifies
developer signatures from gentoo.git (using fingerprints from LDAP)
and if everything looks fine pushes a signed mirror commit.
$ git log --show-signature -1 | cat
commit ec25012d1f9e8c795d8822810970127b13adf2c1
gpg: Signature made Sat Jan 27 14:48:54 2018 CET
gpg: using RSA key F265B6A01DEF32748C6184C79FA394EB86CB7342
gpg: Good signature from "Repository Mirror & CI project (automated signing
key) <repo-qa-che...@gentoo.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C5DF ACC4 F05D 47E4 383C E4C2 403B C085 18DA F97B
Subkey fingerprint: F265 B6A0 1DEF 3274 8C61 84C7 9FA3 94EB 86CB 7342
Author: Repository QA checks <repo-qa-che...@gentoo.org>
Date: Sat Jan 27 14:48:54 2018
2018-01-27 13:48:53 UTC
The appropriate public key has been pushed to SKS keyservers.
The current fingerprints can be found on the project page [1]. I will
work on Portage integration later on.
[1]:https://wiki.gentoo.org/wiki/Project:Repository_mirror_and_CI
--
Best regards,
Michał Górny
