| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
On 03/25/2011 02:46 PM, Mike Frysinger wrote: |
| 5 |
> On Fri, Mar 25, 2011 at 4:53 AM, Andreas K. Huettel wrote: |
| 6 |
>> Of course now we can add additional requirements: |
| 7 |
>> |
| 8 |
>> * The key must have an userid that refers to an official Gentoo e-mail |
| 9 |
>> address. E.g. dilfridge@g.o |
| 10 |
> |
| 11 |
> no. there's no reason for this requirement, and it prevents proxy |
| 12 |
> maintenance long term. e-mail addresses do not verify identity, |
| 13 |
> verifying identify verifies identity. this is the point of the web of |
| 14 |
> trust. |
| 15 |
> -mike |
| 16 |
> |
| 17 |
|
| 18 |
We are somewhat limited in the amount that we can verify "identity." |
| 19 |
Sure you can get a decent web of trust from signing the keys of people |
| 20 |
you've met at conferences, however, there will be people outside of that |
| 21 |
web. What we need to verify is rather that the person who made the |
| 22 |
commit is someone who is authorized to make the commit and that it was |
| 23 |
in no way tampered with. |
| 24 |
|
| 25 |
- -- |
| 26 |
Dane Smith (c1pher) |
| 27 |
Gentoo Linux Developer -- QA / Crypto / Sunrise / x86 |
| 28 |
RSA Key: http://pgp.mit.edu:11371/pks/lookup?search=0x0C2E1531&op=index |
| 29 |
-----BEGIN PGP SIGNATURE----- |
| 30 |
Version: GnuPG v2.0.17 (GNU/Linux) |
| 31 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ |
| 32 |
|
| 33 |
iQIcBAEBAgAGBQJNjOWQAAoJEEsurZwMLhUxKnMQAKKbtRbdIDK++MpSWEJKg4Un |
| 34 |
gBhlPRtZ4CxoNGh5DRcgHD4k6eq8a7fE9MjPuge9/prDfLjmFW7nr0FJ9olZzXoG |
| 35 |
F5qvsCerpPNN2dw6ccCotP3UQCPyjADdZ4mRvmcMdlWdzluq3rD631mzEw8+m4cM |
| 36 |
EJz1DF2q9Oi2Zca8wxlPXf3+11NqHt2bnMWQhkoWFDtAVLD+rPoIsZsV6mRz+ip7 |
| 37 |
uWX8TiMoZCJgRAA0NqCVph4B3kGzn+xcwHuvlcoK87j7ShZKJD4sh0W6GOoewq9A |
| 38 |
Ei+Idsgx+POYg7t8q5khD2tJQRBBSEnBqARgnMJnun6WA4w+Wls7Hw9nidttBXuY |
| 39 |
isbdOUy4t7G2W2l7juG83RuGxLJ4UQMKcD4dWMKcpgHmU5ZXl6W2q+lgMIf5oz6x |
| 40 |
SFk6UGxwf8QbJVL65tKQRytZfdJS1zGvtfdofTHLIYMofhobZH9TqqhZLr7Nf0l3 |
| 41 |
wPukQA7I212bfCjP3VNApVdAtAIJk353hWloGk0xOQBzMqHraIX7hnPxdHg+qVOo |
| 42 |
MjCTt9JnlynkwKqPUdrtyjTH3vXpHuyBqy4wSwpfoaJDetDAtsHOcoZxK9LR4xtl |
| 43 |
FQ8AdYADSDmMPSsbd1SrxLA4XM7BHJx1LolxzlGz4s08SnCaIHoVD9EChRr3IkL2 |
| 44 |
OFwD0Su4CZ9mQBjsYy8K |
| 45 |
=kuoA |
| 46 |
-----END PGP SIGNATURE----- |
Archives