Have check-mirrors use a dedicated keyring

At the moment, when running from our servers, check-mirrors uses the keyring of its Unix user, with only the right signing key imported in it.

This shouldn’t matter when it’s running as a dedicated user, but in other cases a mirror could publish a signature that is valid according to a different key.

Source code: git clone https://git.tails.boum.org/check-mirrors
Mentoring: tails-mirrors@boum.org

Original created by @sajolida on 7859 (Redmine)
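
One way to pin verification to a dedicated keyring, as an added example that is not part of the original issue or of the check-mirrors code. It assumes `gpgv` is installed; the function names, the keyring path in the usage comment and the fingerprints are hypothetical or constructed.

```bash
# Added example: verify a detached signature against ONE dedicated keyring
# and ONE expected key, independent of the Unix user's default keyring.

# valid_fpr_matches STATUS_TEXT EXPECTED_FPR
# Succeeds only if a VALIDSIG status line names EXPECTED_FPR as the
# primary-key fingerprint (last field of the line). A line without that
# field cannot equal a fingerprint, so the check fails closed.
valid_fpr_matches() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && toupper($NF) == toupper(want) { ok = 1 }
        END { exit !ok }'
}

# verify_pinned KEYRING SIGNATURE DATA EXPECTED_FPR
# Returns 0: valid signature from the expected key
#         1: bad signature, unknown key, or a different key
#         2: dedicated keyring unusable (never fall back to another one)
verify_pinned() {
    local keyring=$1 sig=$2 data=$3 expected=$4 status
    # gpgv resolves a keyring name without a slash relative to its home
    # directory, so insist on an explicit path.
    case $keyring in
        */*) ;;
        *) echo "keyring must be given as a path: $keyring" >&2; return 2 ;;
    esac
    [ -r "$keyring" ] || { echo "keyring not readable: $keyring" >&2; return 2; }
    # gpgv only accepts keys found in --keyring; keys the Unix user has
    # imported elsewhere are never consulted.
    status=$(gpgv --keyring "$keyring" --status-fd 1 "$sig" "$data" 2>/dev/null) || return 1
    valid_fpr_matches "$status" "$expected"
}

# Constructed sample values (not real keys) for exercising the parser.
EXPECTED_FPR=0123456789ABCDEF0123456789ABCDEF01234567
OTHER_FPR=FEDCBA9876543210FEDCBA9876543210FEDCBA98
SAMPLE_STATUS="[GNUPG:] VALIDSIG $EXPECTED_FPR 2024-01-01 1704067200 0 4 0 1 10 00 $EXPECTED_FPR"

# Usage (paths are placeholders):
#   verify_pinned /path/to/dedicated-keyring.gpg file.sig file "$EXPECTED_FPR"
```

The fingerprint check is a second layer: even if an extra key ends up in the dedicated keyring, a signature that is valid under that other key is still rejected.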