1 |
On Fri, Mar 25, 2011 at 3:15 AM, Torsten Veller <ml-en@××××××.wrote: |
2 |
> * Mike Frysinger <vapier@g.o>: |
3 |
>> On Thu, Mar 24, 2011 at 8:09 PM, Antoni Grzymala wrote: |
4 |
> [Manifest signing] |
5 |
>> > Does that get us any closer to GLEPs 57, 58, 59 (or generally |
6 |
>> > approaching the tree-signing/verifying group of problems)? |
7 |
>> |
8 |
>> yes |
9 |
> |
10 |
> I think, it's a "no". |
11 |
> The MetaManifest GLEP relies on a signed top-level "MetaManifest" which |
12 |
> hashes all sub Manifests, whether they are signed or not doesn't matter. |
13 |
|
14 |
that's *one* of the three gleps |
15 |
|
16 |
> Do you want to reject signed commits if |
17 |
> - keys are not publicly available [1] |
18 |
|
19 |
no. e-mail warnings will be issued so that the dev can upload it |
20 |
after the fact. |
21 |
|
22 |
> - signatures are from expired keys [2] |
23 |
|
24 |
not generally an issue since gpg itself will not allow it, but i guess |
25 |
we can be paranoid about it on the server to avoid people locally |
26 |
turning back their clocks after having snipped someones expired key. |
27 |
|
28 |
we might want to add an automatic e-mail warning to the developer when |
29 |
their key is about to expire (like 1 week). |
30 |
|
31 |
> - keys are revoked [3] |
32 |
|
33 |
yes |
34 |
|
35 |
> - keys are not listed in userinfo.xml (current or former devs) [4] |
36 |
|
37 |
no. you can sign a key with your personal key and that's good enough. |
38 |
-mike |