1 |
On Sun, Sep 21, 2014 at 2:13 PM, Ulrich Mueller <ulm@g.o> wrote: |
2 |
>>>>>> On Sun, 21 Sep 2014, Michał Górny wrote: |
3 |
> |
4 |
>> Do you really consider keeping a key open for machine signing |
5 |
>> somewhat secure? |
6 |
> |
7 |
> You mean, as compared to manifests (or commits) signed by 250 |
8 |
> different developers' keys? |
9 |
> |
10 |
> Ulrich |
11 |
|
12 |
Unrelated to git discussion, in the past we discussed co-sign, so that |
13 |
developer signs using short term key, and infra co-sign using long |
14 |
term key if the developer sign is valid at that time. Portage infra |
15 |
should relay on infra key signature, while tractability is available |
16 |
up to developer. |
17 |
|
18 |
I will take the opportunity of responding to write that my preference |
19 |
is to keep the manifest signature detached from the version management |
20 |
technology, with no git specific feature usage, nor git specific |
21 |
development (signed hrefs). It will enable much easier use of each |
22 |
technology, one for file management and the other for security, while |
23 |
enabling rebase and reorg without effecting integrity. If we can |
24 |
establish co-sign I will be very happy. |
25 |
|
26 |
Regards, |
27 |
Alon |