On 16:33 Thu 04 Aug , Patrick Lauer wrote:
> On 08/04/11 15:24, Dane Smith wrote:
> >> A small thing which I've brought up for discussion twice (and both times
> >> it was mostly ignored), but which I'd really like to see discussed or
> >> even agreed on:
> >>
> >> A simple policy making signed commits mandatory, plus a simple policy on
> >> key length, permissible encryption/signature algorithms, and a
> >> well-defined place where (public) keys are made available for verifying
> >> and checking the validity of the signatures.
> >>
> >>
> >
> > IMHO:
> > Key Length: 2048
> > Enc/Sig: RSA Signatures, sha256 hashes
> As a first iteration I think this is "good enough", we can still discuss
> the finer details (but I think that'll mostly be bikeshedding and should
> not stop us now from defining an initial standard)

I'm happy to vote on a standard whenever you experts can come up with a
concrete set of requirements to propose.

--
Thanks,
Donnie

Donnie Berkholz
Council Member / Sr. Developer
Gentoo Linux
Blog: http://dberkholz.com