On 07/29/11 19:55, Fabian Groffen wrote:
> With a bit more than a week ahead of us for the next council meeting,
> I'd like to start preparing the agenda, given that current practice
> still is to send it out a week in advance.

A small thing which I've brought up for discussion twice (and both times
it was mostly ignored), but which I'd really like to see discussed or
even agreed on:

A simple policy making signed commits mandatory, plus a simple policy on
key length, permissible encryption/signature algorithms, and a
well-defined place where (public) keys are made available for verifying
and checking the validity of the signatures.

It would greatly improve the current status quo and remove any ambiguity
which might motivate people to use a 4-bit key for signing to be within
the letter of the law.

Thanks,

Patrick