Based on conversations with the Firefox signing team, we should probably:
- Obtain 2-3 keys per platform. These are:
- Self-signed/fake key for try and CI builds
- One for signing Nightly/Aurora builds
- One for signing Beta/Release builds
Obviously, since we don't have trains, probably just two for now (CI & Nightly).
- Currently, handle signing ourselves in our buildbot instances.
- There will be self-serve signing support in TaskCluster coming soon. Linux will be first. Windows and Mac are probably a couple of quarters out. Wait for Firefox to move to it and then it should be clear how to do it ourselves - it'll require a bunch of TC config (which containers, repos, branches, etc. to trust) and moving the key storage off of our machines and over to theirs.
cc @edunham @aneeshusa
Based on conversations with the Firefox signing team, we should probably:
Obviously, since we don't have trains, probably just two for now (CI & Nightly).
cc @edunham @aneeshusa