Infrastructure Team Meeting - June 07, 2022

Attendees

Announcements :loudspeaker:

  1. Weekly 2.351: issues
    • Infra issues (Kubernetes <-> Jenkins configuration)
    • docker/packaging Ubuntu 22.04. createrepo -> createrepo_c. Issues: OpenSSL + JDK changes.
    • Let’s continue to watch this release.

Notes :book:


This might be something worth putting in our 1Password subscription?

As I understood @danielbeck's and @olblak's explanations, the reason to have a short list of key owners is part of the threat model. Once you have access to this CA key, it cannot be revoked (since it is kinda the of the root certification), compared to access to the UC certificate key.
Putting it in a 1Password subscription feels like opening it to a wider range of people.

I wouldn’t mind backing up the key in a GPG-encrypted format in a private repository that only the owner could decrypt, so it would not be stored only on their machines.

Also, we might want to request the board to discuss this topic: should we add owners, considering that the 3 of them are not expected to be day-to-day responsive?

It’s risky to give this ownership to the infra officer as it might change yearly. Maybe the security officer eventually along with 1-2 board members?