On Thu, Sep 29, 2011 at 11:11 AM, Patrick Lauer <patrick@g.o> wrote:
> Otherwise some funny person will use a 4-bit key that expires tomorrow
> just to point out the missing details ...
>

<div mode=rant>
I think this is becoming a big problem with Gentoo. There is
something to be said for planning, but I think we have a tendency to
bikeshed things to death before we do ANYTHING.

All because when somebody goes and uses a 4-bit key we feel some kind
of paralysis about taking action. People that take obvious steps to
skirt policies should simply be disciplined. I'm not talking about
the guy with an old 512-bit key or whatever, or people that change
after being asked nicely to do so. When it is obvious that people are
just messing with the distro to prove a point then they are excluding
themselves from the community.

We allow ourselves to be held hostage to anybody who can find a
loophole in the rules, and that just leads to 40 bazillion rules and
refusal to move forward until we have at least 50 rules to start with.
If a rule is stupid just say it. If you think a council member who
voted for it is stupid, be polite but call them on it. What we don't
do is just ignore the rules, or try to end-run them.
</div>

I'd just encourage the council to not wait for the perfect
specification to move forward with this or anything else. I applaud
efforts like PMS and I think they add value. However, specs/rules are
a tool to serve the community, and not enslave us.

Why not just keep this simple:
1. Key >= 1024 bits.
2. Validity >= 6 months.
3. Signature readable by stable gpg in tree.

Rich