|
|
## Requirements
|
|
|
|
|
|
- Verify the UID, that is about to be signed
|
|
|
- [Verify the UID](workflows/verify-a-packager-key), that is about to be signed
|
|
|
- Only sign `@archlinux.org` UIDs (we want to be able to rely purely on WKD that is under control of Arch Linux's infrastructure to ensure packager keys do not rely on 3rd party availability)
|
|
|
- Backup detached UID signatures (this is required to avoid not being able to revoke signatures of resigned packagers, if they never applied the detached UID signature and the signer did not store a backup)
|
|
|
|
... | ... | |