Monitoring whether all Tails OpenPGP keys distributed with Tails are monitored now depends on an obsolete repo
We have code in place to make sure that all OpenPGP keys that are distributed with Tails are indeed monitored by our monitoring system:
What that does is:
- clone the Tails repo
- list the OpenPGP keys included in it
- clone the (obsolete, archived) puppet-code repo
- check whether all OpenPGP keys are listed in the YAML file that defines OpenPGP keys monitoring
The problem is that the puppet-code repo is now obsolete and archived, and will not be updated. The new version of the YAML file lives in the currently private TPA puppet-control repo:
Because that project is private, we can't just replace one URL with the other. If we want to keep the same mechanism, we need to at least give the monitoring node read access to tpo/tpa/puppet-control.
But the plan is to migrate all Tails monitoring soon (in 2026) to Prometheus, so we may as well fix this in the context of that migration.
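The comparison step of the check described above (shipped keys versus the monitoring list), as an added example that is not the Tails or TPA code. It assumes version 4 keys and a YAML file that lists full 40-hex fingerprints; the file names, the YAML layout and the sample keys are constructed for illustration.

```python
import base64, hashlib, re

def dearmor(text):
    """Decode an ASCII-armored OpenPGP block to its binary packets."""
    lines = [l.strip() for l in text.strip().splitlines()]
    body = lines[lines.index("") + 1:-1]        # skip armor headers and the END line
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))  # drop CRC24

def primary_fingerprint(data):
    """V4 fingerprint of the leading public-key packet (RFC 4880, 4.2 and 12.2)."""
    first = data[0]
    if first & 0x40:                            # new-format packet header
        tag, l0 = first & 0x3F, data[1]
        if l0 < 192:
            length, off = l0, 2
        elif l0 < 224:
            length, off = ((l0 - 192) << 8) + data[2] + 192, 3
        elif l0 == 255:
            length, off = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body length not supported")
    else:                                       # old-format packet header
        tag, ltype = (first >> 2) & 0x0F, first & 3
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        n = 1 << ltype                          # 1, 2 or 4 length octets
        length, off = int.from_bytes(data[1:1 + n], "big"), 1 + n
    body = data[off:off + length]
    if tag != 6 or body[:1] != b"\x04":
        raise ValueError("expected a version 4 public-key packet first")
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()

def unmonitored(shipped, monitoring_yaml):
    """Map of shipped key name -> fingerprint for keys absent from the monitoring list."""
    monitored = {m.upper() for m in re.findall(r"\b[0-9A-Fa-f]{40}\b", monitoring_yaml)}
    if not monitored:
        raise ValueError("no fingerprints found in monitoring file")  # fail closed
    fps = {name: primary_fingerprint(dearmor(text)) for name, text in shipped.items()}
    return {name: fp for name, fp in fps.items() if fp not in monitored}

# Constructed sample data: two dummy version 4 packets (not real keys), made-up YAML layout.
def _sample_key(seed):
    body = b"\x04" + bytes(4) + b"\x16" + seed * 32   # version, creation time, algorithm, filler
    packet = bytes([0xC6, len(body)]) + body          # new-format header, tag 6
    b64 = base64.b64encode(packet).decode()
    return "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n%s\n=AAAA\n-----END PGP PUBLIC KEY BLOCK-----\n" % b64

SHIPPED = {"key-a.asc": _sample_key(b"a"), "key-b.asc": _sample_key(b"b")}
MONITORING_YAML = "monitored_keys:\n  - fingerprint: %s\n" % primary_fingerprint(dearmor(SHIPPED["key-a.asc"]))
```

A monitoring job built on this would alert whenever `unmonitored(...)` returns a non-empty map, and the `ValueError` on an empty list keeps an unreadable or relocated YAML file from passing silently.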