Verify we no longer depend on any signed tags from sysrqb and gk , and remove them from torbutton.gpg

changed milestone to %Sponsor 131 - Phase 5 - Ongoing Maintenance

added Maintenance Sponsor 131 Q4 Signing Task labels

added Next label

Richard Pospesel (@richard):

Richard Pospesel created an issue: #40645 (closed)

+1

mentioned in merge request !539 (closed)

At the same time we can remove keyring/https-everywhere.gpg, and check if they are keys from other keyrings that we can remove.

Maybe even rename torbutton.gpg to something that makes sense :D

Maybe even rename torbutton.gpg to something that makes sense :D

Yes, we could rename that to something like tb-team.gpg.

Or something else we can do is having a separate .gpg file for each member of the team, and then listing all members of the team in gpg_keyring like this:

gpg_keyring:
 - boklm.gpg
 - dan.gpg
 - henry.gpg
 - ma1.gpg
 - pierov.gpg
 - richard.gpg

I think those separate keyrings would be useful for tools/signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo too (currently the script downloads the signatures, but doesn't verify the signatures).

(main)> grep -r torbutton.gpg projects/
projects/fenix/config:gpg_keyring: torbutton.gpg
projects/firefox/config:gpg_keyring: torbutton.gpg
projects/geckoview/config:gpg_keyring: torbutton.gpg
projects/android-components/config:gpg_keyring: torbutton.gpg

Same plus tor-launcher on maint-11.5.

Android is on 102 on both the branches, so it's been signed either by richard or me.

tor-launcher has been singed a few days ago by richard.

Firefox 91.13 and all 102.3 stuff has been signed by richard, and base-browser-102.4esr-12.0-1-build1 has been signed by me.

So we should be able to remove sysrqb and gk from the keyring.

Also, I asked a few people to sign my public key in Ireland, so I'd prefer if we used a gpg file with more signatures in it (I'm still asking people to publish them).

Separate per-user keyrings does also make it a bit easier to have fine-tuned control over who can sign what, and makes the contents of the keyring a bit less opaque.

assigned to @richard

mentioned in merge request !589 (merged)

mentioned in issue rbm#40049 (closed)

removed Next label

added Doing label

mentioned in merge request rbm!43 (merged)

marked this issue as related to #40637 (closed)

fixed in rbm@bf35e085 and 1adc743f

closed

marked this issue as related to #40703 (closed)