Update bootstrap root keys #8669
Conversation
|
The failure is a known problem due to custom setup, etc.: cabal/cabal-testsuite/cabal-testsuite.cabal Lines 113 to 118 in bcfc79c and due to the default cabal.project being designed for devs trying to test the whole repo. Perhaps it'd work using this commandline bit from README (not tested): |
|
This worked: Perhaps it should be added to |
|
I also can't see where to put that option in |
Does
Sure. In what context? In which chapter? In what usecase? |
No clue about HLS. In the worst case overwrite |
Yes, that works fine.
I'd stick it up high, perhaps right in the first section, as an option that might need to be added. That's where most documentation of build commands is, so that's where I looked and didn't find the answer. |
|
RE HLS, it should be possible to run it on projects that need custom Cabal arguments to build. I'll check in with them, and contribute some docs if something can be done other than mutating the repo :-) |
|
If mutating the repo is unavoidable, perhaps our cabal.project should be empty and the options moved to cabal.project.local, because this the file for local mutation and customarily in .gitignore. However, this predates me (as almost everything), so I'd need to ask around and then I'd be told I'm silly and not to touch anything at my peril. ;D |
|
Having multiple project files is common, really. It would be good if it were easier with HLS! I opened haskell/haskell-language-server#3451 to hopefully work this out. Thanks! |
|
Shouldn't we add tom and lennart? |
They seem to not be active, and their key IDs haven't been in the root.json as far back as I can see, so I think that they should not be included in the bootstrap set. |
|
@gbaz just a gentle ping here |
|
Thanks! @david-christiansen do you want to put the merge-me label on this to hand it over to the merge bot? |
|
I'm not particularly familiar with Cabal development procedures, but if that's the next step, then I can do it. As a drive-by contributor, it does surprise me a bit that I put the label on, rather than a maintainer doing so. Should I? |
|
All right then! Thanks! |
mergify
bot
added
the
merge delay passed
Johan Tibell is not part of the signing process anymore, so his key is removed. I've also annotated the keys with their owners and public keys, because every time we consult this, I end up spending a bunch of time in a scratch buffer correlating key IDs, public key values, and ownership attestations. Might as well save the work for next time, with appropriate disclaimers added.
|
To get the future behavior now, you can configure Or you can create a dedicated github account for squash and rebase operations, and use it in different |
cocreature
force-pushed
the
root-key-update
branch
from
1452a04
to
c051bcc
Compare
|
Does it need to be in cabal 3.10? If so, we should backport. @david-christiansen, @gbaz |
|
I don't think it needs a backport. This is an improvement in documentation, and a removal of an unused key that we have no reason to think was compromised (and even if it were, two others would need to be compromised for an attack). We'll hopefully get new signing keys instituted soon, which will be more important, but we're not there yet. |
Johan Tibell is not part of the signing process anymore, so his key is removed.
I've also annotated the keys with their owners and public keys, because every time we consult this, I end up spending a bunch of time in a scratch buffer correlating key IDs, public key values, and ownership attestations. Might as well save the work for next time, with appropriate disclaimers added.
Please include the following checklist in your PR:
Please also shortly describe how you tested your change. Bonus points for added tests!
I was unable to test the changes, as I can't build the contents of the repo right now:
So I'll rely on CI.