Skip to content

Improvement following online rotation #60

Open
Open
Improvement following online rotation#60
Labels
featureA new feature or a change to an existing one
@FaustXVI

Description

@FaustXVI
FaustXVI
opened on Apr 29, 2026

Origin

  • RD

Description

What could be even better in our product?

Following the first rotation of the online CA, here are some improvements :

  • The script of to check the CSR in the periodical checks should be runnable outside of nix shell (via nix run nixpks#vault-bin probably)
  • The stick need to be properly unmounted after it's creation. That a good argument to do Give the Backup to the stick creation script #28
  • The aia folder changed to orca/output/aia but the documentation of the ceremony still mentions orca/aia
  • We don't mention in the ceremony doc that if you signed a CSR, you need to import it.
  • We could avoid the sudo in the archive check since we only check the checksums. This can be done by removing the --same-owner which makes the sudo necessary
  • We don't mention that the signed report needs to be saved/backed-up

Metadata

Metadata

Assignees

No one assigned

    Labels

    featureA new feature or a change to an existing one

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions