1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA256 |
3 |
|
4 |
On 08/01/2011 05:51 PM, Patrick Lauer wrote: |
5 |
> On 07/29/11 19:55, Fabian Groffen wrote: |
6 |
>> With a bit more than a week ahead of us for the next council meeting, |
7 |
>> I'd like to start preparing the agenda, given that current practice |
8 |
>> still is to send it out a week in advance. |
9 |
> |
10 |
> A small thing which I've brought up for discussion twice (and both times |
11 |
> it was mostly ignored), but which I'd really like to see discussed or |
12 |
> even agreed on: |
13 |
> |
14 |
> A simple policy making signed commits mandatory, plus a simple policy on |
15 |
> key length, permissible encryption/signature algorithms, and a |
16 |
> well-defined place where (public) keys are made available for verifying |
17 |
> and checking the validity of the signatures. |
18 |
> |
19 |
> |
20 |
|
21 |
IMHO: |
22 |
Key Length: 2048 |
23 |
Enc/Sig: RSA Signatures, sha256 hashes |
24 |
Last part: Still working on that. |
25 |
|
26 |
Which reminds me, I need to get moving on that. I've been swamped at |
27 |
work for the past couple weeks, so I've been scarce. More on all of this |
28 |
soon hopefully. |
29 |
|
30 |
> It would greatly improve the current status quo and remove any ambiguity |
31 |
> which might motivate people to use a 4-bit key for signing to be within |
32 |
> the letter of the law. |
33 |
> |
34 |
> |
35 |
> Thanks, |
36 |
> |
37 |
> Patrick |
38 |
> |
39 |
|
40 |
Regards, |
41 |
- -- |
42 |
Dane Smith (c1pher) |
43 |
Gentoo Linux Developer -- QA / Crypto / Sunrise / x86 |
44 |
RSA Key: http://pgp.mit.edu:11371/pks/lookup?search=0x0C2E1531&op=index |
45 |
-----BEGIN PGP SIGNATURE----- |
46 |
Version: GnuPG v2.0.17 (GNU/Linux) |
47 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ |
48 |
|
49 |
iQIcBAEBCAAGBQJOOp2bAAoJEEsurZwMLhUx59AP/j30kq84rvYqdY/wX5jB5aTI |
50 |
EIZ5hzu4C+/Vug3GdBiYi/OJ8uupY/fx1BobVtfsNl0+xO0bVd7puwzet38nfCHi |
51 |
hpKFc0aSUaBv3iBFEBTg5X5ijLLT4YzjNDTbA6RdJDKlJqpr/n1fg7P/UY4CmrqH |
52 |
d7mJLUBmzjt6M+BqI/5HsCoRGvL7SPFNZDQFqnT1XvfZ9dWiM7R+OG3Z8rMa+TBh |
53 |
kjwE9GR6ABE3RtcLIGbNFNfzAerKTSn1IBzxNVw7K+slInl3PRxrQruyYyffgDk/ |
54 |
cpBtn2zbNuqyo2dHBq/Hp8kkJr0ksr5jnevAO973lgq2StuHIxwYQxaY57KV1Rhp |
55 |
inYUJGx+ayqSvqZr/8ZEof3QTfNdxhHz8cCCqRx3puNwRRMVSJiuBuriE+u3YYs2 |
56 |
Z0WPnxQjRL7/Z88EaSVdgBGIu/oxWjJIToozDk4Mk/A6S24sP84PtUVAO2RAvxfi |
57 |
1d40IdIlB6hKtEyh0Qdyt4pYRPJDkIonITexUvgQlCORrUh7yYoJ2rX4h7gxyMcG |
58 |
Bl8M9ZjDtzU84ndotV4hMX3E7QwrT6mGfEzO+FiGVCMFucqDo8xRa7NBPkwpoXzP |
59 |
16OLooJLBxoUK0Tqde6de2K6zXOBfan47zvyxz/7uLiCf1FEeh8hdwp7uvr1cCHZ |
60 |
jQE0VuCmI1L12dbyvAVq |
61 |
=zyVH |
62 |
-----END PGP SIGNATURE----- |