Skip to content
This repository has been archived by the owner on May 27, 2018. It is now read-only.

development version/productive version #8

Open
rugk opened this issue Dec 12, 2016 · 2 comments
Open

development version/productive version #8

rugk opened this issue Dec 12, 2016 · 2 comments
Milestone

Comments

@rugk
Copy link
Member

rugk commented Dec 12, 2016

We need a new PGP key, whose private key may be available online or at least available to all team members here, for test singing and so on.

Also we need a productive key (not right now, but when deployed in the beta later) only one or two people have access to, for signing releases.

The build script should then have a toggle to choose the dev version and if it is not given the productive version should be built.

@rugk rugk added this to the first beta milestone Dec 12, 2016
@elrido
Copy link

elrido commented Dec 13, 2016

Why would that new private key need to be shared? Couldn't we just have two lists of accepted public keys, one for dev and one for prod?

@rugk
Copy link
Member Author

rugk commented Dec 13, 2016

Why would that new private key need to be shared?

Ah yes, we could of course do this. A list of dev keys.

However we should keep the dev & prod. version separate for obvious reasons. Also I think one key for the prod. version would be suitable.
We could also deploy a four-eyes principle here by e.g. singing the data with a key by one person and leaving the server hosting stuff to another person, who does not have the private key. Thirty the add-on could be published by a third version.
The issue here would be that if one person fails (not responding, ill, hit by bus, …) we would have a serious problem. However we could also share the stuff in a way that at least two persons have access to one feature (add-on hosting, singing or hosting)

The add-on hosting would of course basically just be the uploading process to different add-on stores.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants