| 1 |
On Sun, Sep 21, 2014 at 2:13 PM, Ulrich Mueller <ulm@g.o> wrote: |
| 2 |
>>>>>> On Sun, 21 Sep 2014, Michał Górny wrote: |
| 3 |
> |
| 4 |
>> Do you really consider keeping a key open for machine signing |
| 5 |
>> somewhat secure? |
| 6 |
> |
| 7 |
> You mean, as compared to manifests (or commits) signed by 250 |
| 8 |
> different developers' keys? |
| 9 |
> |
| 10 |
> Ulrich |
| 11 |
|
| 12 |
Unrelated to git discussion, in the past we discussed co-sign, so that |
| 13 |
developer signs using short term key, and infra co-sign using long |
| 14 |
term key if the developer sign is valid at that time. Portage infra |
| 15 |
should relay on infra key signature, while tractability is available |
| 16 |
up to developer. |
| 17 |
|
| 18 |
I will take the opportunity of responding to write that my preference |
| 19 |
is to keep the manifest signature detached from the version management |
| 20 |
technology, with no git specific feature usage, nor git specific |
| 21 |
development (signed hrefs). It will enable much easier use of each |
| 22 |
technology, one for file management and the other for security, while |
| 23 |
enabling rebase and reorg without effecting integrity. If we can |
| 24 |
establish co-sign I will be very happy. |
| 25 |
|
| 26 |
Regards, |
| 27 |
Alon |
Archives