On 2013-09-20 10:47:10 -0700 (-0700), Clint Byrum wrote: [...] > Also if we are auto-signing anything, the infra team can sign the > key for the auto-signer, so we can also secure any mirrored copies of > automatically built artifcats against server side tampering.
Yes, and to that end I've done a little brainstorming in updates to https://launchpad.net/bugs/1118469 for a phased approach to possibly implementing some of these improvements on the infra/release automation side of things. -- Jeremy Stanley _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev