1 |
> > Do you want to reject signed commits if |
2 |
> > - keys are not publicly available [1] |
3 |
> |
4 |
> no. e-mail warnings will be issued so that the dev can upload it |
5 |
> after the fact. |
6 |
|
7 |
Why? I'm pretty sure someone will forget. (Or try to trick the system.) |
8 |
|
9 |
> > - keys are revoked [3] |
10 |
> |
11 |
> yes |
12 |
|
13 |
Only if the signature was made after the date/time of the revocation. |
14 |
|
15 |
> > - keys are not listed in userinfo.xml (current or former devs) [4] |
16 |
> |
17 |
> no. you can sign a key with your personal key and that's good enough. |
18 |
|
19 |
Heh. Yes, if there is a validity that can be checked in an automated way. Which means a signature on the userid. A chain of trust can of course be implemented in many ways, but requiring the user to download the entire strong set is not an option. :o) |
20 |
|
21 |
The @gentoo.org email addresses are advantageous because they provide a pre-existing identification. Which is as strong as we will ever get with this mechanism (I think). |
22 |
|
23 |
-- |
24 |
Andreas K. Huettel |
25 |
Gentoo Linux developer - kde, sci, arm, tex |
26 |
dilfridge@g.o |
27 |
http://www.akhuettel.de/ |