Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[release]: Resign the JDBC driver and the TACO (expires on 2024-04-16) #3652

Closed
GumpacG opened this issue Jun 21, 2023 · 7 comments
Closed
Labels
release untriaged Issues that have not yet been triaged

Comments

@GumpacG
Copy link

GumpacG commented Jun 21, 2023

Did you read the on-boarding document

Yes

What is the name of your component?

  • OpenSearch JDBC driver
  • OpenSearch Tableau Connector

What is the link to your GitHub repo?

https://github.com/opensearch-project/sql-jdbc

Targeted release date

The signer certificate expires on 2024-04-16. Resigning should be before that.

Where should we publish this component?

artifacts: https://artifacts.opensearch.org/
download page: https://opensearch.org/downloads.html#drivers

What type of artifact(s) will be generated for this component?

Signed shadow jar and signed taco file.

Have you completed the required reviews including security reviews, UX reviews?

N/A

Have you on-boarded automated security scanning for the GitHub repo associated with this component?

Yes

Additional context

This is just a reminder to renew signer certificate before 2024-04-16 and publish resigned artifacts.

@GumpacG GumpacG added release untriaged Issues that have not yet been triaged labels Jun 21, 2023
@gaiksaya
Copy link
Member

@GumpacG I believe this issue covers it? #3468

@GumpacG
Copy link
Author

GumpacG commented Jun 22, 2023

@gaiksaya #3468 is for renewing the OpenSearch PGP key while this issue is for the jarsigner specifically.

@rishabh6788
Copy link
Collaborator

@GumpacG If I understand correctly the sign is valid till 2024-04-16 and since JarSigner team owns the signing infra, they will have to update the signer dates on their side.
Is the signed artifact not acceptable?

@GumpacG
Copy link
Author

GumpacG commented Jun 22, 2023

The artifacts are valid. I created this issue here as a reminder to get it resigned before expiration as this is where we got the driver and taco signed (#3614 & #3631). This issue is also going to be on the website for signature changelog similar to the PGP keys. Sorry, I'm not too sure what the protocol is for updating the website. Please let me know if this should be done a different way.

@rishabh6788
Copy link
Collaborator

rishabh6788 commented Jun 22, 2023

Got it. Does Tableau remind artifact owners before the signed artifact reaches expiry? We can use that as a trigger to resign the artifact instead of tracking in github issue?
If yes, we can then cut a github issue to resign and upload the artifacts.

@GumpacG
Copy link
Author

GumpacG commented Jun 22, 2023

Based on Tableau's documentation, I don't think that they do. With that being said, I actually got the dates wrong. The signer certificate expires on 2024-04-16, however the artifacts have timestamps valid until 2031-11-09.
To get this off opensearch-build's plate, what I can do is close this issue and create a tracking issue in https://github.com/opensearch-project/sql-jdbc/ in case we don't release new artifacts before 2031 to get artifacts resigned.
Does that sound alright?

@GumpacG
Copy link
Author

GumpacG commented Jun 22, 2023

Closing this issue to move to sql-jdbc repo. opensearch-project/sql-jdbc#97

@GumpacG GumpacG closed this as completed Jun 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
release untriaged Issues that have not yet been triaged
Projects
None yet
Development

No branches or pull requests

3 participants