arcade-services

Linux signing hardening in Staging pipeline

Open epananth opened this issue 2 years ago • 2 comments

The Linux signing job is driven off a file list.

This is a link to the list; it is manually created/updated by Rahul and Lee every time during the release. Historically the files were missed and skipped during download phase, but this should no longer be the case. All files must be signed.

In order to do so, we need to figure out some things:

  • [ ] Do we really need this list? Can we just pick all the .deb and .rpm files and sign them?
  • [ ] Should this be moved to the repo main build?
  • [ ] I have a proposal for this: https://github.com/dotnet/arcade/issues/13663. Depending on what traction we will get on that epic, we can plan this. Will wait for a few days for this.

epananth, Apr 03 '23 20:04

@epananth, please catch up with @MilenaHristova about this one.

andriipatsula, May 22 '23 15:05

@MilenaHristova I am updating this to make sure we understand the scope of this issue.

epananth, May 22 '23 23:05