Update our OpenPGP keys in 2019
What we’re supposed to do each year:
- Bump the master key’s expiration date by 1 year.
- Generate a new signing subkey for each RM, and move it onto new smartcards (the old ones are still needed to keep the previous subkey during the transition period).
- If needed, generate and split a revocation certificate for our signing key. See internal.git for details.
- Update the public key in
- Update references to the public key at least in
- Create a ticket about updating our OpenPGP keys next year.
To be done at the summit during northern hemisphere summer.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information