A subset of versions between 1.65.0 and 1.94.1, inclusive on both sides, had a bug in our Git tag signing code that created unverifiable signatures. This bug was introduced in rust-lang/promote-release#42 and should now be fixed with rust-lang/promote-release#104 for future tags (to be fully verified when 1.95.0 is released). The specific bug is that the signature was made over a tag at time X while the actual tag may have had a different tag time Y. In practice these differed by at most 1 second.
We discussed briefly with @rust-lang/security and decided that there's nothing that needs to be private for this, so filing an issue for public discussion on next steps. Roughly we need to decide on:
- What kind of public communications we should issue (e.g., on the blog)
- Whether we want to update in-place old tags (e.g., replacing the message with an accurately dated one, while not touching signatures). Note that this can be done with zero access to the private key (just write access to GitHub).
I'm leaving out of scope whether we want to keep signing Git tags going forward, that can be decided separately and isn't super relevant to what we do with historical tags. (It is slightly relevant in that the lack of any communication to the project about this suggests no one actually cares about the Git tag signatures.)
Affected versions, along with timestamps for tag + signatures. I've verified locally that all of the tags pass verification if the tag payload is updated to have the same timestamp as the signature before verifying against the public key.
| Version | Tag timestamp (replaced) | Signature timestamp (used) | Delta (s) |
|---|---|---|---|
| 1.65.0 | 1667484517 | 1667484516 | 1 |
| 1.66.0 | 1671120663 | 1671120662 | 1 |
| 1.66.1 | 1673394800 | 1673394799 | 1 |
| 1.67.1 | 1675956747 | 1675956746 | 1 |
| 1.68.0 | 1678373120 | 1678373119 | 1 |
| 1.68.1 | 1679581283 | 1679581282 | 1 |
| 1.68.2 | 1680008162 | 1680008161 | 1 |
| 1.70.0 | 1685645566 | 1685645565 | 1 |
| 1.71.0 | 1689257048 | 1689257047 | 1 |
| 1.71.1 | 1691086303 | 1691086302 | 1 |
| 1.72.0 | 1692884807 | 1692884806 | 1 |
| 1.72.1 | 1695132379 | 1695132378 | 1 |
| 1.73.0 | 1696522231 | 1696522230 | 1 |
| 1.74.0 | 1700142571 | 1700142570 | 1 |
| 1.74.1 | 1701959035 | 1701959034 | 1 |
| 1.76.0 | 1707401220 | 1707401219 | 1 |
| 1.77.0 | 1711025824 | 1711025823 | 1 |
| 1.77.1 | 1711628578 | 1711628577 | 1 |
| 1.77.2 | 1712698776 | 1712698775 | 1 |
| 1.79.0 | 1718287478 | 1718287477 | 1 |
| 1.80.0 | 1721908957 | 1721908956 | 1 |
| 1.82.0 | 1729183468 | 1729183467 | 1 |
| 1.83.0 | 1732802513 | 1732802512 | 1 |
| 1.84.1 | 1738262759 | 1738262758 | 1 |
| 1.85.1 | 1742319689 | 1742319688 | 1 |
| 1.86.0 | 1743673352 | 1743673351 | 1 |
| 1.87.0 | 1747330093 | 1747330092 | 1 |
| 1.90.0 | 1758202281 | 1758202280 | 1 |
| 1.91.0 | 1761848974 | 1761848973 | 1 |
| 1.92.0 | 1765465099 | 1765465098 | 1 |
| 1.93.0 | 1769089904 | 1769089903 | 1 |
| 1.94.0 | 1772736247 | 1772736246 | 1 |
| 1.94.1 | 1774530191 | 1774530190 | 1 |
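The timestamp-substitution check described above, as an added example that is not part of this issue or of promote-release. It takes the raw tag object from `git cat-file tag <tagname>`, splits it into the signed payload and the armored OpenPGP signature, reads the Signature Creation Time subpacket out of the signature packet, rewrites the `tagger` timestamp to match it, and hands the patched payload to `gpg --verify` (which needs the release public key imported). The sample tag object, tagger name and signature bytes are constructed: the signature packet has a real header and subpacket layout but a dummy MPI, so offline it only exercises the parsing and rewrite steps, not the key check. Only v4 signature packets are handled.

```python
"""Re-check a Git tag whose OpenPGP signature was made over a payload with a
slightly different tagger timestamp: rewrite the tagger time to the signature's
own creation time, then verify. Added illustration, not promote-release code."""
import base64
import re
import struct
import subprocess
import tempfile

ARMOR_BEGIN = b"-----BEGIN PGP SIGNATURE-----"
TAGGER_RE = re.compile(rb"^(tagger .*> )(\d+)( [+-]\d{4})$", re.M)


def split_tag(tag_obj: bytes):
    """Split a raw `git cat-file tag` object into (signed payload, armored signature)."""
    idx = tag_obj.find(ARMOR_BEGIN)
    if idx < 0:
        raise ValueError("tag is not OpenPGP-signed")
    return tag_obj[:idx], tag_obj[idx:]  # git signs exactly the bytes before the armor


def dearmor(armored: bytes) -> bytes:
    """Decode an ASCII-armored block to raw packet bytes (the CRC24 line is ignored)."""
    body, in_body = [], False
    for line in armored.decode().splitlines()[1:]:
        if not in_body:
            in_body = line.strip() == ""  # body starts after the blank line
            continue
        if line.startswith(("=", "-----END")):
            break
        body.append(line.strip())
    return base64.b64decode("".join(body))


def _packet_header(data: bytes):
    """Return (tag, body_offset, body_length) of the first OpenPGP packet (RFC 4880 §4.2)."""
    ctb = data[0]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet")
    if ctb & 0x40:  # new-format header
        tag, first = ctb & 0x3F, data[1]
        if first < 192:
            return tag, 2, first
        if first < 224:
            return tag, 3, ((first - 192) << 8) + data[2] + 192
        if first == 255:
            return tag, 6, struct.unpack(">I", data[2:6])[0]
        raise ValueError("partial body lengths not supported")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03  # old-format header (gpg still emits these)
    if ltype == 0:
        return tag, 2, data[1]
    if ltype == 1:
        return tag, 3, struct.unpack(">H", data[1:3])[0]
    if ltype == 2:
        return tag, 5, struct.unpack(">I", data[1:5])[0]
    raise ValueError("indeterminate packet length not supported")


def signature_creation_time(packets: bytes) -> int:
    """Return the Signature Creation Time (hashed subpacket type 2) of a v4 signature."""
    tag, off, length = _packet_header(packets)
    body = packets[off:off + length]
    if tag != 2 or body[0] != 4:
        raise ValueError("expected a version 4 Signature packet")
    hashed_len = struct.unpack(">H", body[4:6])[0]
    hashed, pos = body[6:6 + hashed_len], 0
    while pos < len(hashed):
        first = hashed[pos]  # subpacket length (includes the type octet)
        if first < 192:
            sub_len, pos = first, pos + 1
        elif first < 255:
            sub_len, pos = ((first - 192) << 8) + hashed[pos + 1] + 192, pos + 2
        else:
            sub_len, pos = struct.unpack(">I", hashed[pos + 1:pos + 5])[0], pos + 5
        if hashed[pos] & 0x7F == 2:
            return struct.unpack(">I", hashed[pos + 1:pos + 5])[0]
        pos += sub_len
    raise ValueError("signature has no creation-time subpacket")


def tagger_time(payload: bytes) -> int:
    return int(TAGGER_RE.search(payload).group(2))


def patch_tagger_time(payload: bytes, new_ts: int) -> bytes:
    m = TAGGER_RE.search(payload)
    return payload[:m.start(2)] + str(new_ts).encode() + payload[m.end(2):]


def rewrite_tag(tag_obj: bytes):
    """Return (patched payload, armored signature, tag_ts - sig_ts)."""
    payload, armored = split_tag(tag_obj)
    sig_ts = signature_creation_time(dearmor(armored))
    return patch_tagger_time(payload, sig_ts), armored, tagger_time(payload) - sig_ts


def verify_with_gpg(payload: bytes, armored: bytes) -> bool:
    """Run `gpg --verify` on the (patched) payload; the signing public key must be imported."""
    with tempfile.NamedTemporaryFile(suffix=".asc") as sig, tempfile.NamedTemporaryFile() as data:
        sig.write(armored); sig.flush()
        data.write(payload); data.flush()
        return subprocess.run(["gpg", "--verify", sig.name, data.name]).returncode == 0


def _constructed_signature_packet(created: int) -> bytes:
    """Constructed v4 Signature packet: real header/subpacket layout, dummy MPI (does NOT verify)."""
    hashed = bytes([5, 2]) + struct.pack(">I", created)  # one subpacket: len 5, type 2, time
    body = (bytes([4, 0, 22, 8]) + struct.pack(">H", len(hashed)) + hashed  # v4, binary, EdDSA, SHA-256
            + b"\x00\x00" + b"\x00\x00" + b"\x00\x08\xab")  # no unhashed subpkts, hash prefix, 8-bit MPI
    return bytes([0xC2, len(body)]) + body


SAMPLE_TAG = (  # constructed: the tagger time is one second after the signature time
    b"object 0123456789abcdef0123456789abcdef01234567\ntype commit\ntag 1.99.9-constructed\n"
    b"tagger Example Signer <signer@example.invalid> 1700000001 +0000\n\nConstructed tag\n"
    b"-----BEGIN PGP SIGNATURE-----\n\n" + base64.b64encode(_constructed_signature_packet(1700000000))
    + b"\n=AAAA\n-----END PGP SIGNATURE-----\n"  # "=AAAA" stands in for the CRC24 line
)

if __name__ == "__main__":
    payload, armored, delta = rewrite_tag(SAMPLE_TAG)
    print(f"tagger time was {delta}s ahead of the signature; patched line:")
    print(TAGGER_RE.search(payload).group(0).decode())
```

Before accepting a tag on the strength of this rewrite, bound the delta: a skew of one second matches the failure mode described here, while a large or negative difference is a different problem and the substitution should be refused rather than tried.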