<div dir="ltr">Sanity of the key vault as i understand it as its air-gapped (the no ssh part)<div><br></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><span></span><span></span>Corey W Sheldon</div><div>Freelance IT Consultant, Multi-Discipline Tutor </div><div>(p) 310.909.7672</div><div><a href="https://www.plus.google.com/+CoreySheldon" target="_blank">G+:</a><br></div><div><a href="https://www.linkedin.com/profile/view?id=70127804" target="_blank">LinkedIn:</a><br><a href="https://www.github.com/linux-modder" style="font-size:12.8000001907349px" target="_blank">Github:</a></div><div><a href="https://www.facebook.com/corey.sheldon" target="_blank">Facebook:</a> </div><div><a href="https://www.stackexchange.com" target="_blank">Several Communities on Stack Exchange</a><br><br><a href="http://www.facebook.com/1stclassmobileshine" target="_blank"></a></div><div><br></div><div>Tutoring in person or via any of the following platforms:</div><div><a href="https://www.hackhands.com" target="_blank">HackHands</a></div><div><a href="https://www.wizperts.com" target="_blank">Wizpert</a></div><div><a href="https://www.fieldnation.com" target="_blank">FieldNation</a><br></div><div><a href="https://www.airpair.com" target="_blank">AirPair</a><br></div><div><a href="http://www.truelancer.com" target="_blank">Truelancer</a><br></div><div><br></div><div>{PayPal,Google Wallet/Play store, Apple Pay}</div><div><div>---------------------------------------------------------------------------------------------------</div><div>pub <span style="color:rgb(0,0,0);font-size:12.8000001907349px">3072D/</span><a href="http://pgp.mit.edu/pks/lookup?op=get&search=0xE958C5D6718BF597" style="font-size:12.8000001907349px" target="_blank">718BF597</a><span style="color:rgb(0,0,0);font-size:12.8000001907349px"> 2014-12-08 </span></div><div> Key fingerprint = <span style="color:rgb(0,0,0);font-size:12.8000001907349px">2930 99EB 083D D332 0752 88C4 E958 C5D6 718B F597</span></div><div>uid Corey Sheldon (Fedora Key) <<a href="mailto:sheldon.corey@gmail.com" target="_blank">sheldon.corey@gmail.com</a>></div><div>---------------------------------------------------------------------------------------------------</div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Tue, Mar 31, 2015 at 4:55 AM, Miroslav Suchý <span dir="ltr"><<a href="mailto:msuchy@redhat.com" target="_blank">msuchy@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 03/27/2015 01:49 PM, Kevin Fenzi wrote:<br>
> * releng person gathers list of pending update requests from bodhi.<br>
> (a few minutes)<br>
><br>
> * releng person looks over list for anything out of the ordinary or<br>
> off. (another few minutes)<br>
><br>
> * releng person tells sigul to sign that list of packages and write out<br>
> the signed ones in koji. The releng person talks to the sigul bridge<br>
> and the sigul vault (which is not reachable via ssh) talks to the<br>
> bridge.<br>
<br>
Few minutes, but manual minutes. IIRC rest of the process is automatic.<br>
Do we really need human here? What can be extraordinary here? Even if I have that security incident years ago in my<br>
mind, I could not figure out why we need human reviewing list of packages to sign.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Miroslav Suchy, RHCE, RHCDS<br>
Red Hat, Senior Software Engineer, #brno, #devexp, #fedora-buildsys<br>
</font></span><div class="HOEnZb"><div class="h5">--<br>
devel mailing list<br>
<a href="mailto:devel@lists.fedoraproject.org">devel@lists.fedoraproject.org</a><br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/devel" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/devel</a><br>
Fedora Code of Conduct: <a href="http://fedoraproject.org/code-of-conduct" target="_blank">http://fedoraproject.org/code-of-conduct</a></div></div></blockquote></div><br></div>