rotate a keyholder in v13

[jku]

Most keyholders have been keyholders since the root-signing system started: it's a good time to start rotating more regularly.

• During the last signing I believe @dlorenc expressed willingness to step down: Dan, can you confirm if I remember correctly?
• We've talked to Lance Ball (Red Hat Trusted Artifact Signer engineering manager) already about potentially becoming a keyholder

Assuming both of you are happy with this, my proposal is to remove dan as (root, targets) signer and at the same time add Lance as (root, targets) signer.

Mechanically keyholder changes are approved by the existing keyholders, but obviously this is a community decision: if you have opinions or other suggestions, please leave a comment.

CC @sigstore/sigstore-keyholders

[jku]

If we do this, should update README as well since the signers are listed there

[lance]

I am happy to take this responsibility to help the community in whatever ways I can. 👍
Thanks!

[lance]

@jku I can submit a PR to the README after I get up to speed

[lance]

I have done all of the setup and configuration in https://github.com/sigstore/root-signing/blob/main/playbooks/tuf-on-ci/SIGNER.md and have successfully smoke-tested as described there.

[lance]

If we do this, should update README as well since the signers are listed there

See: #1500

[SantiagoTorres]

Hi all, I'm ok with this rotation, from a keyholder perspective. I see that @dlorenc didn't chime in yet, so I'll be going with lazy consensus. I'm ok with this rotation unless I hear otherwise from him before the deadline.

RE: lance ball as the new candidate, I think it'd be wise to get some LGTM's from the rest of the keyholders or the tsc, but I also +1 on this.

Mechanically keyholder changes are approved by the existing keyholders, but obviously this is a community decision: if you have opinions or other suggestions, please leave a comment.

Wearing the TSC hat for a bit, and looking at the governance, I believe this is ambiguous as to who decides who belongs in this role. The docs within this repo hint that it's keyholders who decide on a rotation. After all, rotating a key is a change in the TUF metadata which needs approval from the keyholders as you point out.

As an aside, #1484 refers to a slack discussion about this rotation, but it's been longer than the free tier of slack allows us to retain logs. I generally monitor that channel for changes, but I genuinely can't recall what discussion it was. I'd be wise to keep some archival version of it, or promote these discussions onto github in the future.

[lukehinds]

+1 , fine by me.

[bobcallaway]

+1

[dlorenc]

Yes, happy to step down!

[kommendorkapten]

Thanks for your service @dlorenc 🖖