On Thursday, September 29, 2011 11:11:59 Patrick Lauer wrote:
> On 09/29/11 17:04, Tony "Chainsaw" Vroon wrote:
> > On 29/09/11 16:02, Anthony G. Basile wrote:
> >> Is there any chance that we can agree to reject
> >> unsigned manifests? Possibly a question for the Council to adjudicate?
> >
> > I am happy to back a mandatory signing policy for the main gentoo-x86
> > tree. This is a simple yes or no question that the council can vote on.
>
> As previously discussed it would be nice to have some basic key policies
> in place for that - they can be changed at any later time, but for now
> we could agree on basic parameters like, say -
>
> at least 1024bit key length
> at least 6 months validity from creation
> one or more algorithms (initially DSA signatures and SHA1 hashing)

there's nothing to decide as it was already outlined long ago in the docs:
http://www.gentoo.org/proj/en/devrel/handbook/handbook.xml?part=2&chap=6

if you want to *refine* that, then that's a different issue. but the devs
already have all the info they need to start signing now.
-mike