List Archive: gentoo-project
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On 08/04/11 15:24, Dane Smith wrote:
>> A small thing which I've brought up for discussion twice (and both times
>> it was mostly ignored), but which I'd really like to see discussed or
>> even agreed on:
>> A simple policy making signed commits mandatory, plus a simple policy on
>> key length, permissible encryption/signature algorithms, and a
>> well-defined place where (public) keys are made available for verifying
>> and checking the validity of the signatures.
> Key Length: 2048
> Enc/Sig: RSA Signatures, sha256 hashes
As a first iteration I think this is "good enough", we can still discuss
the finer details (but I think that'll mostly be bikeshedding and should
not stop us now from defining an initial standard)
> Last part: Still working on that.
Can we store the keys in LDAP ?
If yes it would be trivial to write a cute little script that just
generates a tarball of them all and put it somewhere in the public webspace.