List Archive: gentoo-project
On 08/04/11 15:24, Dane Smith wrote:
>> A small thing which I've brought up for discussion twice (and both times
>> it was mostly ignored), but which I'd really like to see discussed or
>> even agreed on:
>>
>> A simple policy making signed commits mandatory, plus a simple policy on
>> key length, permissible encryption/signature algorithms, and a
>> well-defined place where (public) keys are made available for verifying
>> and checking the validity of the signatures.
>>
>>
>
> IMHO:
> Key Length: 2048
> Enc/Sig: RSA Signatures, sha256 hashes
As a first iteration I think this is "good enough"; we can still discuss
the finer details (but I think that'll mostly be bikeshedding and should
not stop us now from defining an initial standard).
> Last part: Still working on that.
Can we store the keys in LDAP?
If yes, it would be trivial to write a cute little script that just
generates a tarball of them all and puts it somewhere in the public webspace.