| 1 |
On Thu, Sep 29, 2011 at 11:11 AM, Patrick Lauer <patrick@g.o> wrote: |
| 2 |
> Otherwise some funny person will use a 4-bit key that expires tomorrow |
| 3 |
> just to point out the missing details ... |
| 4 |
> |
| 5 |
|
| 6 |
<div mode=rant> |
| 7 |
I think this is becoming a big problem with Gentoo. There is |
| 8 |
something to be said for planning, but I think we have a tendency to |
| 9 |
bikeshed things to death before we do ANYTHING. |
| 10 |
|
| 11 |
All because when somebody goes and uses a 4-bit key we feel some kind |
| 12 |
of paralysis about taking action. People that take obvious steps to |
| 13 |
skirt policies should simply be disciplined. I'm not talking about |
| 14 |
the guy with an old 512-bit key or whatever, or people that change |
| 15 |
after being asked nicely to do so. When it is obvious that people are |
| 16 |
just messing with the distro to prove a point then they are excluding |
| 17 |
themselves from the community. |
| 18 |
|
| 19 |
We allow ourselves to be held hostage to anybody who can find a |
| 20 |
loophole in the rules, and that just leads to 40 bazillion rules and |
| 21 |
refusal to move forward until we have at least 50 rules to start with. |
| 22 |
If a rule is stupid just say it. If you think a council member who |
| 23 |
voted for it is stupid, be polite but call them on it. What we don't |
| 24 |
do is just ignore the rules, or try to end-run them. |
| 25 |
</div> |
| 26 |
|
| 27 |
I'd just encourage the council to not wait for the perfect |
| 28 |
specification to move forward with this or anything else. I applaud |
| 29 |
efforts like PMS and I think they add value. However, specs/rules are |
| 30 |
a tool to serve the community, and not enslave us. |
| 31 |
|
| 32 |
Why not just keep this simple: |
| 33 |
1. Key >= 1024 bits. |
| 34 |
2. Validity >= 6 months. |
| 35 |
3. Signature readable by stable gpg in tree. |
| 36 |
|
| 37 |
Rich |
Archives