1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
On 03/25/2011 02:46 PM, Mike Frysinger wrote: |
5 |
> On Fri, Mar 25, 2011 at 4:53 AM, Andreas K. Huettel wrote: |
6 |
>> Of course now we can add additional requirements: |
7 |
>> |
8 |
>> * The key must have an userid that refers to an official Gentoo e-mail |
9 |
>> address. E.g. dilfridge@g.o |
10 |
> |
11 |
> no. there's no reason for this requirement, and it prevents proxy |
12 |
> maintenance long term. e-mail addresses do not verify identity, |
13 |
> verifying identify verifies identity. this is the point of the web of |
14 |
> trust. |
15 |
> -mike |
16 |
> |
17 |
|
18 |
We are somewhat limited in the amount that we can verify "identity." |
19 |
Sure you can get a decent web of trust from signing the keys of people |
20 |
you've met at conferences, however, there will be people outside of that |
21 |
web. What we need to verify is rather that the person who made the |
22 |
commit is someone who is authorized to make the commit and that it was |
23 |
in no way tampered with. |
24 |
|
25 |
- -- |
26 |
Dane Smith (c1pher) |
27 |
Gentoo Linux Developer -- QA / Crypto / Sunrise / x86 |
28 |
RSA Key: http://pgp.mit.edu:11371/pks/lookup?search=0x0C2E1531&op=index |
29 |
-----BEGIN PGP SIGNATURE----- |
30 |
Version: GnuPG v2.0.17 (GNU/Linux) |
31 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ |
32 |
|
33 |
iQIcBAEBAgAGBQJNjOWQAAoJEEsurZwMLhUxKnMQAKKbtRbdIDK++MpSWEJKg4Un |
34 |
gBhlPRtZ4CxoNGh5DRcgHD4k6eq8a7fE9MjPuge9/prDfLjmFW7nr0FJ9olZzXoG |
35 |
F5qvsCerpPNN2dw6ccCotP3UQCPyjADdZ4mRvmcMdlWdzluq3rD631mzEw8+m4cM |
36 |
EJz1DF2q9Oi2Zca8wxlPXf3+11NqHt2bnMWQhkoWFDtAVLD+rPoIsZsV6mRz+ip7 |
37 |
uWX8TiMoZCJgRAA0NqCVph4B3kGzn+xcwHuvlcoK87j7ShZKJD4sh0W6GOoewq9A |
38 |
Ei+Idsgx+POYg7t8q5khD2tJQRBBSEnBqARgnMJnun6WA4w+Wls7Hw9nidttBXuY |
39 |
isbdOUy4t7G2W2l7juG83RuGxLJ4UQMKcD4dWMKcpgHmU5ZXl6W2q+lgMIf5oz6x |
40 |
SFk6UGxwf8QbJVL65tKQRytZfdJS1zGvtfdofTHLIYMofhobZH9TqqhZLr7Nf0l3 |
41 |
wPukQA7I212bfCjP3VNApVdAtAIJk353hWloGk0xOQBzMqHraIX7hnPxdHg+qVOo |
42 |
MjCTt9JnlynkwKqPUdrtyjTH3vXpHuyBqy4wSwpfoaJDetDAtsHOcoZxK9LR4xtl |
43 |
FQ8AdYADSDmMPSsbd1SrxLA4XM7BHJx1LolxzlGz4s08SnCaIHoVD9EChRr3IkL2 |
44 |
OFwD0Su4CZ9mQBjsYy8K |
45 |
=kuoA |
46 |
-----END PGP SIGNATURE----- |