On Fri, 06.07.2018 at 06:36 +0000, Robin H. Johnson wrote:
> On Thu, Jul 05, 2018 at 10:53:51PM +0200, Michał Górny wrote:
> > Here's the third version of the patches. I've incorporated the feedback
> > so far and reordered the patches (again) to restore their
> > degree-of-compatibility order. The full text is included below.
>
> ...
> > v2
> > The distinct minimal and recommended expirations have been replaced
> > by a single requirement. The rules have been simplified to use
> > the same time of 2 years for both the primary key and subkeys.
>
> -the same time of 2 years ...
> +the same 2 year maximum renewal time ...
>
> > An additional rule requesting key renewal 2 weeks before expiration
> > has been added. This is in order to give services and other developers time
> > to refresh the key.
>
> Do we want to state that infra will start contacting devs before this, or
> keep that as an implementation detail?

Implementation detail.

>
> > 4. Expiration date on key and all subkeys set to at most 2 years
>
> -at most 2 years.
> +at most 2 years from generation or refresh of expiry.

Now, this won't really work because it's a self-propagating date. You're
soon going to see keys with 10 years to expiration because if you update
the date 5 times from 'refresh of expiry', that's what you get.

I get what you're trying to say but I can't really think of a sane way
of stating that. Maybe I should just explicitly state '(plus the period
specified in point 5)'.

>
> > Recommendations
> > ---------------
>
> ...
> > 3. Key expiration renewed annually
>
> Can we please suggest it's updated to a fixed day of the year?

Sure.

>
> > Gentoo LDAP
> > ===========
>
> ...
> > All Gentoo developers must list the complete fingerprint for their primary
> > keys in the "``gpgfingerprint``" LDAP field. It must be exactly 40 hex digits,
> > uppercase, with optional spaces every 8 hex digits. Regular expression for
> > validation::
>
> Can we please drop the spaces in the field in LDAP. I don't care if we
> display it with spaces, but dropping them in LDAP would be helpful.

I'm all for it. I really do wonder how they ended up there in the first
place.

>
> > Copyright
> > =========
> > Copyright (c) 2013 by Robin Hugh Johnson, Andreas K. Hüttel, Marissa Fischer.
>
> Please update the copyright date:
> 2013,2018
> and add yourself as a copyright owner for the scale of these changes.
>

-- 
Best regards,
Michał Górny
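
The two checks discussed in this message, as an added example that is not part of the original mail and is not GLEP or Gentoo infra code: validating and de-spacing a `gpgfingerprint` value, and flagging an expiry that sits more than 2 years past the moment it was set. Assumptions: the function names are hypothetical, the regular expression is written from the prose rule rather than taken from the GLEP, "2 years" is modelled as 730 days, and measuring from the time the expiry was set is only one reading of the wording under discussion.

```python
import re
from datetime import datetime, timedelta, timezone

# Built from the prose rule in the thread (40 uppercase hex digits, an optional
# space after each group of 8); it is not the regular expression from the GLEP.
FPR_RE = re.compile(r"[0-9A-F]{8}(?: ?[0-9A-F]{8}){4}")
MAX_VALIDITY = timedelta(days=730)   # assumption: "2 years" modelled as 730 days
RENEW_BEFORE = timedelta(days=14)    # renewal requested 2 weeks before expiration


def normalize_fingerprint(value):
    """Return the space-free storage form, or None if the field is invalid."""
    if not FPR_RE.fullmatch(value):
        return None
    return value.replace(" ", "")


def expiry_findings(set_at, expires, now):
    """Check one key or subkey; set_at is when its expiry was last written."""
    if expires is None:
        return ["no expiration date"]
    findings = []
    # Measuring from set_at rather than from the previous expiry means repeated
    # refreshes cannot push the date further out than one 2-year window.
    if expires - set_at > MAX_VALIDITY:
        findings.append("expires more than 2 years after it was set")
    if expires <= now:
        findings.append("expired")
    elif expires - now < RENEW_BEFORE:
        findings.append("renewal due: under 2 weeks left")
    return findings


if __name__ == "__main__":
    now = datetime(2018, 7, 6, tzinfo=timezone.utc)          # constructed data
    print(normalize_fingerprint("0123ABCD 4567EF01 89ABCDEF 01234567 89ABCDEF"))
    print(normalize_fingerprint("0123abcd4567ef0189abcdef0123456789abcdef"))
    print(expiry_findings(now, now + 5 * MAX_VALIDITY, now))  # five stacked refreshes
    print(expiry_findings(now - timedelta(days=720), now + timedelta(days=10), now))
```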