| 1 |
On Thu, Jul 05, 2018 at 10:53:51PM +0200, Michał Górny wrote: |
| 2 |
> Here's third version of the patches. I've incorporated the feedback |
| 3 |
> so far and reordered the patches (again) to restore their |
| 4 |
> degree-of-compatibility order. The full text is included below. |
| 5 |
... |
| 6 |
> v2 |
| 7 |
> The distinct minimal and recommended expirations have been replaced |
| 8 |
> by a single requirement. The rules have been simplified to use |
| 9 |
> the same time of 2 years for both the primary key and subkeys. |
| 10 |
-the same time of 2 years ... |
| 11 |
+the same 2 year maximum renewal time ... |
| 12 |
|
| 13 |
> An additional rule requesting key renewal 2 weeks before expiration |
| 14 |
> has been added. This is in order to give services and other developers time |
| 15 |
> to refresh the key. |
| 16 |
Do we want to state that infra will start contact devs before this, or |
| 17 |
keep that as an implementation detail? |
| 18 |
|
| 19 |
> 4. Expiration date on key and all subkeys set to at most 2 years |
| 20 |
-at most 2 years. |
| 21 |
+at most 2 years from generation or refresh of expiry. |
| 22 |
|
| 23 |
> Recommendations |
| 24 |
> --------------- |
| 25 |
... |
| 26 |
> 3. Key expiration renewed annually |
| 27 |
Can we please suggest it's updated to a fixed day of the year? |
| 28 |
|
| 29 |
> Gentoo LDAP |
| 30 |
> =========== |
| 31 |
... |
| 32 |
> All Gentoo developers must list the complete fingerprint for their primary |
| 33 |
> keys in the "``gpgfingerprint``" LDAP field. It must be exactly 40 hex digits, |
| 34 |
> uppercase, with optional spaces every 8 hex digits. Regular expression for |
| 35 |
> validation:: |
| 36 |
Can we please drop the spaces in the field in LDAP. I don't care if we |
| 37 |
display it with spaces, but dropping them in LDAP would be helpful. |
| 38 |
|
| 39 |
> Copyright |
| 40 |
> ========= |
| 41 |
> Copyright (c) 2013 by Robin Hugh Johnson, Andreas K. Hüttel, Marissa Fischer. |
| 42 |
Please update the copyright date: |
| 43 |
2013,2018 |
| 44 |
and add yourself as a copyright owner for the scale of these changes. |
| 45 |
|
| 46 |
-- |
| 47 |
Robin Hugh Johnson |
| 48 |
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer |
| 49 |
E-Mail : robbat2@g.o |
| 50 |
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 |
| 51 |
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136 |
Archives