|
|
## Requirements
|
|
|
- A valid revocation certificate for the key or access to the private key
|
|
|
- A valid revocation certificate for the key or access to the private key in the case that the key itself will be revoked
|
|
|
|
|
|
## Workflow
|
|
|
|
|
|
1. Announce resignation and/or revocation on the respective mailing list ([arch-dev-public@lists.archlinux.org](mailto:arch-dev-public@lists.archlinux.org) for developers, [aur-general@lists.archlinux.org](/archlinux/archlinux-keyring/-/wikis/aur-general@lists.archlinux.org) for trusted users) in an email signed with the packager signing key.
|
|
|
You may retire (main key signatures are revoked) or revoke (you revoke your key and it can not be used for any further actions) your key.
|
|
|
|
|
|
If you intend to retire from packaging altogether, announce this on the respective mailing list ([arch-dev-public@lists.archlinux.org](mailto:arch-dev-public@lists.archlinux.org) for developers, [aur-general@lists.archlinux.org](/archlinux/archlinux-keyring/-/wikis/aur-general@lists.archlinux.org) for trusted users) in an email signed with the packager signing key.
|
|
|
|
|
|
### Key Retirement
|
|
|
|
|
|
[Open an issue](https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/issues/new) using the "Remove Packager Key" template.
|
|
|
|
|
|
### Key Revocation
|
|
|
|
|
|
1. Revoke key locally
|
|
|
- *Optional*: Create a revocation certificate if none exists already (requires full access to the private key)
|
|
|
- `gpg --output revoke.asc --gen-revoke <key ID>`
|
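Review bot: In the added paragraph that begins "If you intend to retire from packaging altogether", the aur-general address still links to `/archlinux/archlinux-keyring/-/wikis/aur-general@lists.archlinux.org`, a wiki-relative path, while the arch-dev-public address uses `mailto:`. Change it to `[aur-general@lists.archlinux.org](mailto:aur-general@lists.archlinux.org)` so the link opens a mail client instead of a missing wiki page. The new retire-or-revoke sentence would also be easier to act on if it said when each option applies, since the reworded requirement now ties the revocation certificate or private key access only to the revoke case.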
... | ... | @@ -26,4 +35,5 @@ |
|
|
1. Publish updated public key via WKD
|
|
|
- Trigger a new deployment of the public keys via [WKD](https://gitlab.archlinux.org/archlinux/wkd/)
|
|
|
1. Revoke the public key on the keyserver infrastructure
|
|
|
- `gpg --keyserver search.keyserver.net --send-key <key ID>` |
|
|
\ No newline at end of file |
|
|
- `gpg --keyserver search.keyserver.net --send-key <key ID>`
|
|
|
|
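Review bot: The last step still uploads to `search.keyserver.net` with `--send-key`; while this line is being touched for the end-of-file newline, confirm that this host is the keyserver packagers are expected to use, and name the real one if it is a stand-in. Consider spelling the option in its full form, `--send-keys`, and stating that the revocation must already be imported into the local keyring (the "Revoke key locally" step) so that the uploaded copy carries it.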