-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
doc: remove Juan Jose keys #45827
doc: remove Juan Jose keys #45827
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
I think this key needs to be added to the "Other keys used to sign some previous releases" section. |
Juan is also listed under Security release stewards. Does that need to be updated? |
Juan will still be a releaser. He just doesn't have access to this key anymore. Once he gets a new machine, he will include a new one |
b9090ac
to
87c43c5
Compare
Got it. Thanks. A note in the commit message or PR description would be helpful. |
So what happened to his key? If evil-doer Eve gets hold of it, she can use it to sign a malicious binary and send that to Alice, and since his key is still listed in the readme, Alice is going to think it's legit. |
Fast-track has been requested by @GeoffreyBooth. Please 👍 to approve. |
Hi Ben! I've sent you an email. |
Landed in b3f5a41 |
PR-URL: #45827 Reviewed-By: Juan José Arboleda <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Beth Griggs <[email protected]>
PR-URL: #45827 Reviewed-By: Juan José Arboleda <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Beth Griggs <[email protected]>
Juan doesn't have access to this key anymore. Once he gets a new machine, we will include the new key.