On Thursday, April 6, 2023 at 6:56:31 AM UTC-6 dheinric wrote:
Am Donnerstag, dem 06.04.2023 um 05:33 -0700 schrieb Mark Waite: I'd rather not include extra instructions for Debian 10, Debian 11, Ubuntu 18, and Ubuntu 20, especially when those instructions involve creating directories as the root user and assuring those directories have correct ownership and permissions. People knowing that page might then (falsely) assume that the key will be managed by a package after initial setup if it is to be placed into /usr/share/keyrings. OTOH, creating the directory is just one more line, like sudo sh -c "test -d /etc/apt/keyrings || mkdir -m 0755 /etc/apt/keyrings" We'll discuss further in the retrospective to see which path we take to reduce the problems for Debian and Ubuntu administrators on the next GPG key rotation. Why wait (until next rotation)? Why not create a package which places the current key into /usr/share/keyrings and add that as a dependency to the main Jenkins package? This is how Element or PostgreSQL (to name a few) already do it. Would have the benefit that no documentation change would be needed. Agreed that if the decision from the retrospective and investigation is to implement an additional package as a dependency to the main Jenkins package, then there is no need to wait until the next key rotation. The bigger challenge is having someone implement that package and perform the necessary testing to confirm that it is well behaved on Debian 10, Debian 11, Ubuntu 18, Ubuntu 20, and Ubuntu 22. If that effort takes enough time that Debian 12 releases before it is done, then Debian 12 will also need to be tested. Mark Waite -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/20c19a0a-2846-4d99-9c76-83ea7c06e368n%40googlegroups.com.
