...
If a new build has to be released (even for a minor bug), the release will have a new version and will need to go through LF to be signed and released in the Nexus Release repo.
Private Key Handling
The ONAP signing key is stored on a YubiKey token which is under the control of the LF Release Engineer.
Future Key Protections
To move ONAP to sigul, the staging jobs in use must be updated to the global-jjb based jobs and must move off the custom staging jobs that the ONAP community developed before global-jjb was in production. LF will only support sigul protection of signing keys via our standardized jobs. LF has key protection controls in place: Sigul, which is integrated into the tool chain.
OpenDaylight (ODL) Signing Process
...