Remove operational and mirror keys from bootstrap key set #53
Commits on Jul 18, 2022
-
Remove operational and mirror keys from bootstrap key set
The list of keys passed to the Hackage Security setup should be the bootstrap root keys, rather than all keys used. There are three kinds of keys used with Hackage Security today: * root keys, which are the community roots of trust, kept offline and distributed among trusted community members, * operational keys, which are kept in memory on Hackage and used for ongoing cryptographic signatures of the timestamp file and index, * and mirror keys, which are used to sign the mirror list. Tools that wish to interact with Hackage need to carry a bootstrap set of root keys to solve the chicked-and-egg problem. These are five root keys that are implicitly trusted. These keys are used to sign root.json in Hackage, which then specifies which additional keys are available and used. The list here, however, contains all the keys, rather than just the bootstrap root keys.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.