| 1 |
W dniu pią, 06.07.2018 o godzinie 06∶36 +0000, użytkownik Robin H. |
| 2 |
Johnson napisał: |
| 3 |
> On Thu, Jul 05, 2018 at 10:53:51PM +0200, Michał Górny wrote: |
| 4 |
> > Here's third version of the patches. I've incorporated the feedback |
| 5 |
> > so far and reordered the patches (again) to restore their |
| 6 |
> > degree-of-compatibility order. The full text is included below. |
| 7 |
> |
| 8 |
> ... |
| 9 |
> > v2 |
| 10 |
> > The distinct minimal and recommended expirations have been replaced |
| 11 |
> > by a single requirement. The rules have been simplified to use |
| 12 |
> > the same time of 2 years for both the primary key and subkeys. |
| 13 |
> |
| 14 |
> -the same time of 2 years ... |
| 15 |
> +the same 2 year maximum renewal time ... |
| 16 |
> |
| 17 |
> > An additional rule requesting key renewal 2 weeks before expiration |
| 18 |
> > has been added. This is in order to give services and other developers time |
| 19 |
> > to refresh the key. |
| 20 |
> |
| 21 |
> Do we want to state that infra will start contact devs before this, or |
| 22 |
> keep that as an implementation detail? |
| 23 |
|
| 24 |
Implementation detail. |
| 25 |
|
| 26 |
> |
| 27 |
> > 4. Expiration date on key and all subkeys set to at most 2 years |
| 28 |
> |
| 29 |
> -at most 2 years. |
| 30 |
> +at most 2 years from generation or refresh of expiry. |
| 31 |
|
| 32 |
Now, this won't really work because it's self-propagating date. You're |
| 33 |
soon going to see keys with 10 years to expiration because if you update |
| 34 |
the date 5 times from 'refresh of expiry', that's what you get. |
| 35 |
|
| 36 |
I get what you're trying to say but I can't really think of a sane way |
| 37 |
of stating that. Maybe I should just explicitly state '(plus the period |
| 38 |
specified in point 5)'. |
| 39 |
|
| 40 |
> |
| 41 |
> > Recommendations |
| 42 |
> > --------------- |
| 43 |
> |
| 44 |
> ... |
| 45 |
> > 3. Key expiration renewed annually |
| 46 |
> |
| 47 |
> Can we please suggest it's updated to a fixed day of the year? |
| 48 |
|
| 49 |
Sure. |
| 50 |
|
| 51 |
> |
| 52 |
> > Gentoo LDAP |
| 53 |
> > =========== |
| 54 |
> |
| 55 |
> ... |
| 56 |
> > All Gentoo developers must list the complete fingerprint for their primary |
| 57 |
> > keys in the "``gpgfingerprint``" LDAP field. It must be exactly 40 hex digits, |
| 58 |
> > uppercase, with optional spaces every 8 hex digits. Regular expression for |
| 59 |
> > validation:: |
| 60 |
> |
| 61 |
> Can we please drop the spaces in the field in LDAP. I don't care if we |
| 62 |
> display it with spaces, but dropping them in LDAP would be helpful. |
| 63 |
|
| 64 |
I'm all for it. I really do wonder how they ended up there in the first |
| 65 |
place. |
| 66 |
|
| 67 |
> |
| 68 |
> > Copyright |
| 69 |
> > ========= |
| 70 |
> > Copyright (c) 2013 by Robin Hugh Johnson, Andreas K. Hüttel, Marissa Fischer. |
| 71 |
> |
| 72 |
> Please update the copyright date: |
| 73 |
> 2013,2018 |
| 74 |
> and add yourself as a copyright owner for the scale of these changes. |
| 75 |
> |
| 76 |
|
| 77 |
-- |
| 78 |
Best regards, |
| 79 |
Michał Górny |
Archives