Gentoo Archives: gentoo-project

From: Donnie Berkholz <dberkholz@g.o>
To: gentoo-project@l.g.o
Subject: Re: [gentoo-project] Preparations Council meeting 2011-08-09
Date: Thu, 04 Aug 2011 19:56:32
Message-Id: 20110804195600.GD4840@comet.ucsd.edu
In Reply to: Re: [gentoo-project] Preparations Council meeting 2011-08-09 by Patrick Lauer
1 On 16:33 Thu 04 Aug , Patrick Lauer wrote:
2 > On 08/04/11 15:24, Dane Smith wrote:
3 > >> A small thing which I've brought up for discussion twice (and both times
4 > >> it was mostly ignored), but which I'd really like to see discussed or
5 > >> even agreed on:
6 > >>
7 > >> A simple policy making signed commits mandatory, plus a simple policy on
8 > >> key length, permissible encryption/signature algorithms, and a
9 > >> well-defined place where (public) keys are made available for verifying
10 > >> and checking the validity of the signatures.
11 > >>
12 > >>
13 > >
14 > > IMHO:
15 > > Key Length: 2048
16 > > Enc/Sig: RSA Signatures, sha256 hashes
17 > As a first iteration I think this is "good enough", we can still discuss
18 > the finer details (but I think that'll mostly be bikeshedding and should
19 > not stop us now from defining an initial standard)
20
21 I'm happy to vote on a standard whenever you experts can come up with a
22 concrete set of requirements to propose.
23
24 --
25 Thanks,
26 Donnie
27
28 Donnie Berkholz
29 Council Member / Sr. Developer
30 Gentoo Linux
31 Blog: http://dberkholz.com