Page MenuHomePureOS Tracker

Cryptographically sign ISO releases
Open, NormalPublic

Description

Users are looking for a way to be certain that our ISO is actually from us. Perhaps we can sign the releases we make monthly?

Event Timeline

jeremiah.foster triaged this task as Normal priority.Feb 24 2020, 11:49
jeremiah.foster created this task.

From @mak;

There are policy decisions needed

  • which key do we sign this with?
  • the archive key?
  • a new key?

It's difficult to automate due to security boundaries in the infrastructure and code needs to be written for it