Trust Policies
Signing requirements, rotation schedules, and emergency response procedures.
Active Policies
Production Release Signing Policy v2
signing-requirements
Active
Defines the trusted key set, algorithm requirements, and rotation schedule for all production release artifact signing.
Trusted keys
ed25519-2026-primary · min: high
ed25519-2025-secondary · min: high
cloud-kms-2025-container · min: high
keyless-gitea-actions · min: medium
ed25519-2025-emergency-replacement · min: high
Rotation: every 365 days · 44-day overlap
Effective Jan 15, 2025 · Review due Jan 15, 2027 · Approved by jdoe
Superseded Policies
Emergency Key Rotation Policy v1
Inactive
Response procedure for immediate key revocation and replacement on compromise or suspicious activity.
Production Release Signing Policy v1 (Superseded)
signing-requirements
Inactive
Original signing policy. Superseded by v2 in January 2025.
Effective Jan 1, 2024