## What needs to be done if a packager resigns?

1. The packager announces their resignation on the respective mailing list ([arch-dev-public@lists.archlinux.org](mailto:arch-dev-public@lists.archlinux.org) for developers, [aur-general@lists.archlinux.org](mailto:aur-general@lists.archlinux.org) for trusted users) in an email signed with the packager's signing key.
2. All packages signed by the packager's signing key are rebuilt and signed using another valid packager signing key.
3. The packager's [signing key is removed](workflows/remove-a-packager-key).

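The rebuild step above (and the same step in the lost/compromised and weak-key sections below) first requires knowing which packages actually carry the retiring key's signature. The following is an added example, not code from this page or from archlinux-keyring: it parses the machine-readable status lines GnuPG emits when each package's detached `.sig` is verified with `--status-fd`, and matches the retiring key by fingerprint. Because packager keys usually sign with a subkey, it also matches the primary-key fingerprint that GnuPG appends as the last field of `VALIDSIG`, so every subkey of the retiring key is covered; the sample status output, package names and fingerprints are constructed placeholders.

```python
from typing import Dict, List

# Constructed sample output of `gpg --status-fd 1 --verify <pkg>.sig <pkg>`
# for four packages. All fingerprints are made-up placeholders.
SAMPLE_STATUS: Dict[str, str] = {
    "foo-1.0-1-x86_64.pkg.tar.zst":  # signed by the retiring packager's subkey
        "[GNUPG:] GOODSIG 5555666677778888 Alice Packager <alice@example.org>\n"
        "[GNUPG:] VALIDSIG AAAA0000AAAA0000AAAA0000AAAA0000AAAA0000 2024-01-02 "
        "1704153600 0 4 0 22 8 01 1111000011110000111100001111000011110000\n",
    "bar-2.3-4-any.pkg.tar.zst":  # a second subkey of the same primary key
        "[GNUPG:] GOODSIG 9999AAAABBBBCCCC Alice Packager <alice@example.org>\n"
        "[GNUPG:] VALIDSIG BBBB0000BBBB0000BBBB0000BBBB0000BBBB0000 2024-03-05 "
        "1709596800 0 4 0 22 8 01 1111000011110000111100001111000011110000\n",
    "baz-0.9-2-x86_64.pkg.tar.zst":  # signed by a different packager
        "[GNUPG:] GOODSIG 1234123412341234 Bob Packager <bob@example.org>\n"
        "[GNUPG:] VALIDSIG CCCC0000CCCC0000CCCC0000CCCC0000CCCC0000 2024-02-10 "
        "1707523200 0 4 0 22 8 01 2222000022220000222200002222000022220000\n",
    "qux-1.1-1-x86_64.pkg.tar.zst":  # does not verify: no VALIDSIG line
        "[GNUPG:] BADSIG 5555666677778888 Alice Packager <alice@example.org>\n",
}


def _normalize(fpr: str) -> str:
    # Accept fingerprints as gpg prints them (grouped, any case).
    return fpr.replace(" ", "").upper()


def signer_fingerprints(status: str) -> List[str]:
    """Fingerprints from VALIDSIG: the signing (sub)key and, if present, the primary key."""
    for line in status.splitlines():
        f = line.split()
        if f[:2] == ["[GNUPG:]", "VALIDSIG"] and len(f) >= 3:
            # Field layout: fpr date ts expire ver reserved pkalgo hashalgo class [primary-fpr]
            return [_normalize(x) for x in ([f[2]] + ([f[11]] if len(f) >= 12 else []))]
    return []  # no valid signature found


def triage(status_by_pkg: Dict[str, str], retiring_fpr: str) -> Dict[str, List[str]]:
    """'rebuild': signed by the retiring key or one of its subkeys; 'unverifiable': needs a look."""
    target = _normalize(retiring_fpr)
    rebuild, unverifiable = [], []
    for pkg, status in status_by_pkg.items():
        fprs = signer_fingerprints(status)
        if not fprs:
            unverifiable.append(pkg)
        elif target in fprs:
            rebuild.append(pkg)
    return {"rebuild": sorted(rebuild), "unverifiable": sorted(unverifiable)}


if __name__ == "__main__":
    print(triage(SAMPLE_STATUS, "1111 0000 1111 0000 1111 0000 1111 0000 1111 0000"))
```

Packages in the `unverifiable` list are not silently skipped: a signature that no longer verifies at all still needs to be resolved before the key is removed.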
## What needs to be done if a developer holding a revocation certificate resigns?

1. If the developer also resigns as a packager, all [steps necessary to remove a packager's signing key](#what-needs-to-be-done-if-a-packager-resigns) are taken for the holder of the revocation certificate.
2. The developer announces their resignation as a revocation certificate holder on the [arch-dev-public@lists.archlinux.org](mailto:arch-dev-public@lists.archlinux.org) mailing list in an email signed with the developer's packager signing key.
3. The holder of the main signing key for which the revocation certificate is valid needs to [add a new main signing key](workflows/add-a-new-main-key) and appoint a new [revocation certificate holder](best-practices#revocation-certificate-holder).
4. After the new main signing key is established, the old [main signing key is removed](workflows/remove-a-main-key).

## What needs to be done if a developer holding a main signing key resigns?

1. If the developer also resigns as a packager, all [steps necessary to remove a packager's signing key](#what-needs-to-be-done-if-a-packager-resigns) are taken for the holder of the main signing key.
2. The developer announces their resignation as a main key holder on the [arch-dev-public@lists.archlinux.org](mailto:arch-dev-public@lists.archlinux.org) mailing list in an email signed with the developer's packager signing key.
3. The team of developers appoints a new main signing key holder.
4. The new main signing key holder [adds a new main signing key](workflows/add-a-new-main-key) and appoints a new [revocation certificate holder](best-practices#revocation-certificate-holder).
5. After the new main signing key is established, the old [main signing key is removed](workflows/remove-a-main-key).

## What needs to be done if a main signing key pair is lost or compromised?

1. The main signing key holder immediately sends an email to [security@archlinux.org](mailto:security@archlinux.org) notifying the security team of the issue.
2. The [main signing key is removed](workflows/remove-a-main-key).
3. Optionally, [a new main signing key is added](workflows/add-a-new-main-key).

## What needs to be done if a revocation certificate of a main signing key pair is lost or compromised?

1. The revocation certificate holder immediately sends an email to [security@archlinux.org](mailto:security@archlinux.org) notifying the security team of the issue.
2. The [main signing key is removed](workflows/remove-a-main-key).
3. Optionally, [a new main signing key is added](workflows/add-a-new-main-key).

## What needs to be done if a packager key pair is lost or compromised?

1. The packager immediately sends an email to [security@archlinux.org](mailto:security@archlinux.org) notifying the security team of the issue.
2. All packages signed by the packager's signing key are rebuilt and signed using another valid packager signing key.
3. The packager [adds a new signing key](workflows/add-a-new-packager-key).
4. The packager's old [signing key is removed](workflows/remove-a-packager-key).

## What needs to be done if a packager key pair is considered weak or unsafe?

1. The packager [adds a new signing key](workflows/add-a-new-packager-key).
2. All packages signed by the packager's signing key are rebuilt and signed using another valid packager signing key.
3. The packager's old [signing key is removed](workflows/remove-a-packager-key).