re: signing, we'd be remiss to not consider https://www.sigstore.dev/how-it-works On Tue, Sep 27, 2022 at 11:22 AM John Mulligan <phlogistonjohn@xxxxxxxxxxxxx> wrote: > > Hi all, > > As some of you are already aware the orchestration team is working on > refactoring the cephadm command line tool [1]. The first part of the effort: > building cephadm from source files into a consumable "binary" has been done. > > When we last discussed the effort in the CLT call a couple of points came up. > First, the current instructions for bootstrapping a system with cephadm > recommends downloading a script directly from github [2] (see "CURL-Based > Installation"). We'd like to keep the general workflow but would need a new > download location for it. Following that, there was a suggestion that > artifacts that are built and provided by the Ceph project should be signed. > > In order to proceed with the cephadm effort we're reaching out for help on > getting these tasks done. This is something we need assistance from those more > knowledgeable about the build and website infrastructure. I posted a work-in- > progress PR [3] that starts making related changes to the documentation, but > can't complete it until we have a more concrete plan on where people can > download (and verify) their bootstrap copy of cephadm. > > Anyone who has pointers to who are the best team members to follow up with > this effort - please let us know! > > Thank you. > > -- John Mulligan (on behalf of the Ceph Orchestration team ) > > [1] - https://pad.ceph.com/p/cephadm-refactoring > [2] - https://docs.ceph.com/en/latest/cephadm/install/ > [3] - https://github.com/ceph/ceph/pull/48180 > > > > _______________________________________________ > Dev mailing list -- dev@xxxxxxx > To unsubscribe send an email to dev-leave@xxxxxxx _______________________________________________ Dev mailing list -- dev@xxxxxxx To unsubscribe send an email to dev-leave@xxxxxxx
