Drivers / DRIVERS-2895

Sign release artifacts or tags with MongoDB-managed keys

    • Type: Task
    • Resolution: Unresolved
    • Priority: Unknown
    • Component/s: Security
    • Labels: None
    • Needed - No Spec Changes
    • Summary of necessary driver changes: Please see the description in the linked DRIVERS ticket
      Key            Status/Resolution  FixVersion
      CDRIVER-5537   Backlog
      CXX-3010       Fixed              3.11.0
      CSHARP-5050    Scheduled
      GODRIVER-3189  Backlog
      JAVA-5432      Done               5.2.0
      NODE-6115      In Progress
      MOTOR-1304     Backlog
      PYTHON-4385    Backlog
      PHPLIB-1436    Duplicate
      RUBY-3451      Backlog
      RUST-1921      Blocked

      Release artifacts published to officially supported channels MUST be signed with a MongoDB-owned or managed key.

      Drivers that only create git tags for releases (e.g. Python, PHPLIB) MUST sign release tags with a MongoDB-owned or managed key.

      Projects already signing releases (e.g. PGP keys via Evergreen secrets) satisfy this goal, but projects that have yet to implement signing SHOULD integrate Garasign.

      Drivers SHOULD integrate release signing with automated releases.

      Drivers MUST provide documentation for users to verify release artifacts if they wish (e.g. using tools to check binaries using published signature files).

            Assignee: Unassigned
            Reporter: Jeremy Mikola (jmikola@mongodb.com)