DRIVERS-2895

Sign release artifacts or tags with MongoDB-managed keys

    • Type: Task
    • Resolution: Unresolved
    • Priority: Unknown
    • Component/s: Security
    • Needed - No Spec Changes
    • Summary of necessary driver changes: Please see the description in the linked DRIVERS ticket
      Key            Status/Resolution  FixVersion
      CDRIVER-5537   Done               1.27.3
      CXX-3010       Fixed              3.11.0, 3.10.2
      CSHARP-5050    Done               2.26.0
      GODRIVER-3189  Fixed              1.16.0
      JAVA-5432      Done               5.1.2
      NODE-6115      Done               kerberos-2.1.1, 6.8.0, bson-6.8.0, legacy-6.1.0, mongodb-client-encryption-6.1.0
      MOTOR-1304     Backlog
      PYTHON-4385    Fixed              4.8
      PHPLIB-1436    Duplicate
      RUBY-3451      Fixed
      RUST-1921      Fixed              3.1.0

      Release artifacts published to officially supported channels MUST be signed with a MongoDB-owned or managed key.

      Drivers that only create git tags for releases (e.g. Python, PHPLIB) MUST sign release tags with a MongoDB-owned or managed key.

      Projects already signing releases (e.g. PGP keys via Evergreen secrets) satisfy this goal, but projects that have yet to implement signing SHOULD integrate Garasign.

      Drivers SHOULD integrate release signing with automated releases.

      Drivers MUST provide documentation for users to verify release artifacts if they wish (e.g. using tools to check binaries using published signature files).

            Assignee: Unassigned
            Reporter: Jeremy Mikola (jmikola@mongodb.com)
            Votes: 0
            Watchers: 2
