Upgrade security public key #31594

Merged
merged 2 commits into from
Jul 10, 2024

Member

@lunny lunny commented Jul 9, 2024

Fix #31591

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Jul 9, 2024
@pull-request-size pull-request-size bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Jul 9, 2024
Member

@a1012112796 a1012112796 left a comment

Sadly, after importing this new public key file, I can not verify new released binary file.


@a1012112796
Member

Sadly, after importing this new public key file, I can not verify new released binary file.


see https://github.com/a1012112796/test_repo/actions/runs/9853651549/job/27204651180

@silverwind
Member

Sadly, after importing this new public key file, I can not verify new released binary file.

I don't think you are meant to use the security key to verify releases, these are different keys I think.

@a1012112796
Member

Sadly, after importing this new public key file, I can not verify new released binary file.

I don't think you are meant to use the security key to verify releases, these are different keys I think.

Then, how to verify it? Thanks

@silverwind
Member

silverwind commented Jul 9, 2024

There is another key for "teabot" which signs the releases but I don't think its public key is published anywhere currently. I had previously recommended to put it on https://dl.gitea.com/.

I did find the previous teabot public key on https://keyserver.ubuntu.com, but I guess that's just coincidence.

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Jul 9, 2024
@techknowlogick
Member

Yes, this is for when security researchers make reports to the security email. The release key is a different key.

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Jul 10, 2024
@techknowlogick techknowlogick enabled auto-merge (squash) July 10, 2024 16:27
@techknowlogick techknowlogick added skip-changelog This PR is irrelevant for the (next) changelog, for example bug fixes for unreleased features. reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. labels Jul 10, 2024
@techknowlogick techknowlogick merged commit 1b0ccf4 into go-gitea:main Jul 10, 2024
26 checks passed
@GiteaBot GiteaBot added this to the 1.23.0 milestone Jul 10, 2024
@GiteaBot GiteaBot removed the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Jul 10, 2024
@@ -19,7 +19,7 @@ The PGP key is valid until June 24, 2024.
```
Key ID: 6FCD2D5B
Key Type: RSA
Expires: 6/24/2024
Expires: 7/9/2025
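Review bot: The new `Expires: 7/9/2025` line leaves `Key ID: 6FCD2D5B` unchanged, so this looks like an expiry extension of the existing key rather than a new key, and the document should say so: anyone who imported the key earlier will keep seeing it as expired until they re-import the updated public key block. The hunk header context also still shows "The PGP key is valid until June 24, 2024."; confirm that sentence is updated elsewhere in this change so the prose and the `Expires` field agree. Since an 8-hex-digit key ID is easy to collide, consider listing the full fingerprint next to it so reporters can check the key they imported.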

zjjhot added a commit to zjjhot/gitea that referenced this pull request Jul 11, 2024
* giteaofficial/main:
  Upgrade security public key (go-gitea#31594)
  Fix wrong merge on removing docs (go-gitea#31605)
  Refactor webhook (go-gitea#31587)
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Oct 8, 2024
Successfully merging this pull request may close these issues.

PGP key is expired