| 1 |
> > Do you want to reject signed commits if |
| 2 |
> > - keys are not publicly available [1] |
| 3 |
> |
| 4 |
> no. e-mail warnings will be issued so that the dev can upload it |
| 5 |
> after the fact. |
| 6 |
|
| 7 |
Why? I'm pretty sure someone will forget. (Or try to trick the system.) |
| 8 |
|
| 9 |
> > - keys are revoked [3] |
| 10 |
> |
| 11 |
> yes |
| 12 |
|
| 13 |
Only if the signature was made after the date/time of the revocation. |
| 14 |
|
| 15 |
> > - keys are not listed in userinfo.xml (current or former devs) [4] |
| 16 |
> |
| 17 |
> no. you can sign a key with your personal key and that's good enough. |
| 18 |
|
| 19 |
Heh. Yes, if there is a validity that can be checked in an automated way. Which means a signature on the userid. A chain of trust can of course be implemented in many ways, but requiring the user to download the entire strong set is not an option. :o) |
| 20 |
|
| 21 |
The @gentoo.org email addresses are advantageous because they provide a pre-existing identification. Which is as strong as we will ever get with this mechanism (I think). |
| 22 |
|
| 23 |
-- |
| 24 |
Andreas K. Huettel |
| 25 |
Gentoo Linux developer - kde, sci, arm, tex |
| 26 |
dilfridge@g.o |
| 27 |
http://www.akhuettel.de/ |
Archives