Xen project Mailing List

Re: [Xen-devel] request to sign software

To: Keir Fraser <Keir.Fraser@xxxxxxxxxxxxx>

From: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>

Date: Thu, 1 Apr 2010 17:37:56 +0100

Cc: Jeremy Fitzhardinge <jeremy@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Stephen Spector <stephen.spector@xxxxxxxxxx>, Joanna Rutkowska <joanna@xxxxxxxxxxxxxxxxxxxxxx>

Delivery-date: Thu, 01 Apr 2010 09:38:30 -0700

List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Keir Fraser writes ("Re: [Xen-devel] request to sign software"): > I chatted with Ian Jackson about this, and our thought was to generate a > xen.org master key which we would keep safe in Cambridge: only he and I > would have copies of it (the two of us, for redundancy). We can also > generate a software-signing key, signed by the master key, which we actually > use for the business of signing releases from the xen-*.hg and > qemu-xen-*.git repositories. Right. I think the best plan is to have a master key we use for certifying other keys, including probably a single key for each relevant tree. So we'll have a key for xen-*.hg which we'll use with the hg repo signing support to sign 4.0.0, a key for qemu-xen-*.git likewise, and probably at least one more key for signing tarball releases. I trust Jeremy can generate his own special key for generating a signed tag for a suitable pvops version. Jeremy ? The public half of the master key at least (and perhaps some of the others) will be on the website and I'll cross-certify it with my own personal PGP keys. Ian. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.