[PATCH 21.02] openwrt-keyring: Only copy sign key for 21.02
Paul Spooren
mail at aparcar.org
Mon May 17 15:42:52 PDT 2021
May 17, 2021 21:53:01 Hauke Mehrtens <hauke at hauke-m.de>:
> On 5/17/21 8:10 PM, Paul Spooren wrote:
>> On 5/16/21 3:57 PM, Hauke Mehrtens wrote:
>>> On 5/16/21 3:26 PM, Hauke Mehrtens wrote:
>>>> Instead of adding all public signature keys from the openwrt-keyring
>>>> repository only add the key which is used to sign the OpenWrt 21.02
>>>> feeds.
>>>>
>>>> If one of the other keys would be compromised this would not affect
>>>> users of 21.02 release builds.
>>>>
>>>> Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
>>>> ---
Acked-by: Paul Spooren <mail at aparcar.org>
>> In my opinion this patch still lacks a *openwrt-next* key to allow a
>> secure upgrade path between major releases.
>
> We can also add this later in some service release.
> Currently I wanted to remove all the personal keys from the trusted
> keys.
>
> Hauke
--
More information about the openwrt-devel
mailing list