From c051bcc0aebf8c157046191b64b392c7d09439e4 Mon Sep 17 00:00:00 2001
From: David Christiansen <david@davidchristiansen.dk>
Date: Fri, 13 Jan 2023 09:53:55 +0100
Subject: [PATCH] Update bootstrap root keys

Johan Tibell is not part of the signing process anymore, so his key is
removed.

I've also annotated the keys with their owners and public keys,
because every time we consult this, I end up spending a bunch of time
in a scratch buffer correlating key IDs, public key values, and
ownership attestations. Might as well save the work for next time,
with appropriate disclaimers added.
---
 cabal-install/src/Distribution/Client/Config.hs | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/cabal-install/src/Distribution/Client/Config.hs b/cabal-install/src/Distribution/Client/Config.hs
index 023d6a6fdb..b829b51bd4 100644
--- a/cabal-install/src/Distribution/Client/Config.hs
+++ b/cabal-install/src/Distribution/Client/Config.hs
@@ -737,10 +737,23 @@ addInfoForKnownRepos other = other
 --
 defaultHackageRemoteRepoKeys :: [String]
 defaultHackageRemoteRepoKeys =
-    [ "fe331502606802feac15e514d9b9ea83fee8b6ffef71335479a2e68d84adc6b0",
+    -- Key owners and public keys are provided as a convenience to readers.
+    -- The canonical source for this mapping data is the hackage-root-keys
+    -- repository and Hackage's root.json file.
+    --
+    -- Links:
+    --  * https://github.com/haskell-infra/hackage-root-keys
+    --  * https://hackage.haskell.org/root.json
+    -- Please consult root.json on Hackage to map key IDs to public keys,
+    -- and the hackage-root-keys repository to map public keys to their
+    -- owners.
+    [ -- Adam Gundry (uRPdSiL3/MNsk50z6NB55ABo0OrrNDXigtCul4vtzmw=)
+      "fe331502606802feac15e514d9b9ea83fee8b6ffef71335479a2e68d84adc6b0",
+      -- Gershom Bazerman (bYoUXXQ9TtX10UriaMiQtTccuXPGnmldP68djzZ7cLo=)
       "1ea9ba32c526d1cc91ab5e5bd364ec5e9e8cb67179a471872f6e26f0ae773d42",
-      "2c6c3627bd6c982990239487f1abd02e08a02e6cf16edb105a8012d444d870c3",
+      -- John Wiegley (zazm5w480r+zPO6Z0+8fjGuxZtb9pAuoVmQ+VkuCvgU=)
       "0a5c7ea47cd1b15f01f5f51a33adda7e655bc0f0b0615baa8e271f4c3351e21d",
+      -- Norman Ramsey (ZI8di3a9Un0s2RBrt5GwVRvfOXVuywADfXGPZfkiDb0=)
       "51f0161b906011b52c6613376b1ae937670da69322113a246a09f807c62f6921"
     ]
 
-- 
GitLab