Commit Graph

7 Commits

Author SHA1 Message Date
Aleksa Sarai d0b1a37440 keyring: update AkihiroSuda key expiry
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2024-01-22 17:35:00 +11:00
Aleksa Sarai d561e5da87 keyring: update cyphar@cyphar.com key expiry
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2024-01-22 17:35:00 +11:00
Akihiro Suda c1063b1ce2 runc.keyring: add Akihiro Suda
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-04-26 08:03:14 +10:00
Kir Kolyshkin 6a806d4dc4 runc.keyring: add Kolyshkin
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-22 17:18:50 +10:00
Aleksa Sarai b6f686f2c6 keyring: add Aleksa's <cyphar@cyphar.com> signing key
keyid C9C370B246B09F6DBCFC744C34401015D1D2D386

This is my personal signing key, which I've used to sign the vast
majority of my commits on GitHub. While I usually sign releases using my
<asarai@suse.de> signing key, it doesn't hurt to include this key too.

Ref: https://keyserver.ubuntu.com/pks/lookup?search=C9C370B246B09F6DBCFC744C34401015D1D2D386&fingerprint=on&op=index
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2023-04-22 17:18:24 +10:00
Aleksa Sarai 63355bf8e5 keyring: add Aleksa's <asarai@suse.com> signing key
keyid 5F36C6C61B5460124A75F5A69E18AA267DDB8DB4

This is the signing key I have used for all previous runc releases. You
can also verify that this is the key trusted by openSUSE for all of our
releases.

Ref: https://keyserver.ubuntu.com/pks/lookup?search=5F36C6C61B5460124A75F5A69E18AA267DDB8DB4&fingerprint=on&op=index
Ref: https://build.opensuse.org/package/view_file/openSUSE:Factory/runc/runc.keyring?expand=1&rev=54
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2023-04-22 17:18:24 +10:00
Aleksa Sarai bd1d5370ef release: add runc.keyring file and script
In order to allow any of the maintainers to cut releases for runc,
create a keyring file that distributions can use to verify that releases
are signed by one of the maintainers.

The format matches the gpg-offline format used by openSUSE packaging,
but it can be easily imported with "gpg --import" so any distribution
should be able to handle this keyring format wtihout issues.

Each key includes the GitHub handle of the associated user. There isn't
any way for this information to be automatically verified (outside of
using something like keybase.io) but since all changes of this file need
to be approved by maintainers this is okay for now.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2023-04-22 17:18:22 +10:00