1 |
On Thursday, September 29, 2011 12:48:35 Mr. Aaron W. Swenson wrote: |
2 |
> Well, there's a bit more to it than that. 'repoman' must enforce the usage |
3 |
> of keys or die if it can't. |
4 |
|
5 |
there's already bugs open for this. 298605 and 313601. if you want to |
6 |
accelerate things, then chip in and update repoman. |
7 |
|
8 |
> Also, the Dev Handbook only says 'can', it needs to be changed to |
9 |
> 'must'. |
10 |
|
11 |
that is the summary of the article which describes what the page is for, not |
12 |
the policy it enforces. |
13 |
|
14 |
> I'd also drop the bit about expiration. Instead, I'd change it to |
15 |
> read "expires no sooner than 6 months". You know, to give the key a moment |
16 |
> to be recognized by some people, perhaps even marginally trusted by |
17 |
> someone. |
18 |
|
19 |
i'm fine with extending the length of the key. i think last time this came |
20 |
up, so was everyone else. the point was more disallowing keys that never |
21 |
expire. |
22 |
|
23 |
but this doesn't stop anyone from signing their manifests today. |
24 |
|
25 |
> What really matters is that it is an unexpired, valid key. |
26 |
|
27 |
no, what matters is that the key is unexpired/valid at the time the signature |
28 |
was made, and not revoked after that (simply because it expired ... revoking |
29 |
because of compromise is obviously OK). |
30 |
-mike |