[PATCH 21.02] openwrt-keyring: Only copy sign key for 21.02

Hauke Mehrtens hauke at hauke-m.de
Mon May 17 12:52:52 PDT 2021


On 5/17/21 8:10 PM, Paul Spooren wrote:
> 
> On 5/16/21 3:57 PM, Hauke Mehrtens wrote:
>> On 5/16/21 3:26 PM, Hauke Mehrtens wrote:
>>> Instead of adding all public signature keys from the openwrt-keyring
>>> repository only add the key which is used to sign the OpenWrt 21.02 
>>> feeds.
>>>
>>> If one of the other keys would be compromised this would not affect
>>> users of 21.02 release builds.
>>>
>>> Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
>>> ---
> In my opinion this patch still lacks a *openwrt-next* key to allow a 
> secure upgrade path between major releases.

We can also add this later in some service release.
Currently I wanted to remove all the personal keys from the trusted keys.

Hauke
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x93DD20630910B515.asc
Type: application/pgp-keys
Size: 9895 bytes
Desc: OpenPGP public key
URL: <http://lists.openwrt.org/pipermail/openwrt-devel/attachments/20210517/f46d9b1e/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openwrt.org/pipermail/openwrt-devel/attachments/20210517/f46d9b1e/attachment.sig>


More information about the openwrt-devel mailing list