Who has access to the signing keys?

Solidification

I would like to know who has access to the signing keys for the releases and updates of Grapheneos. Like, is it just one dev, or are more than one required? Could just one dev sign a malicious update, or are other ones able to stop an insider attack like that?

I didn't think such an attack is likely, but the theory is interesting nonetheless.

Thanks

de0u

Solidification That is an interesting question. In the same vein, I would like to know who has the signing keys for macOS and Debian and Ubuntu. I realize this isn't the discussion forum for any of those operating systems... but is it common for the list of individuals with signing authority to be public?

ryrona

de0u The question was about how many has pieces of the signing key, and how many pieces are required to sign a release. Specifically if a single compromise of a person would compromise the signing key. At least that is how I understood the question, not naming any specific persons.

All we know if that there are not multiple signing keys, but just a single. But that single key can still be split up so multiple developers need to sign each release together, for better protection against compromise of single developer. The same signing key can also be shared with multiple developers in full, for example by multiple developers having access to the HSM the full key is stored in, to still be able to sign releases if a single developer goes missing, but at the expense of now multiple developers being able to sign a release all by themselves reducing security. None of these details can we see, but have to be told.