More Master Keys

[lazka]

We currently only have 3 master keys (the minimum amount) which means we need all three to add new packagers.

Ideally we would find more people who are willing to participate.

[Biswa96]

What are the criteria, responsibilities and requirements for being a master key provider?

[lazka]

• You need to generate a key pair.
• Then you'd need to sign our packager keys with it.
• Upload the public key and signed keys to the keyserver and we'll add it to the keyring
• After that you just have to make sure that the private key is secure and you don't lose it.

Optionally you could also create a second key pair for packaging which you'd need to sign with your master key. This could then be used for signing packages, after being signed by us, uploaded to the keyserver, and added to the keyring.

(edit: and you need to use gnupg and not go crazy)

edit2: https://wiki.archlinux.org/title/GnuPG#Create_a_key_pair

[lazka]

Here are the Arch Linux guides for handling all this: https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/wikis/workflows ("Add a new main key" is relevant here)