| 1 |
On Mon, Aug 11, 2003 at 09:33:14AM -0400, Kurt Lieber wrote: |
| 2 |
> |
| 3 |
> The efforts we have underway with secure portage will require developers to |
| 4 |
> have and maintain a GPG key. It will also require them to place said key |
| 5 |
> on a public keyserver. |
| 6 |
> |
| 7 |
|
| 8 |
Cool, problem solved. |
| 9 |
|
| 10 |
> Well, at this point, I'm inclined to reject this GLEP and/or ask you to |
| 11 |
> re-work it to incorporate some of the changes suggested by myself and |
| 12 |
> others. Specifically: |
| 13 |
> |
| 14 |
|
| 15 |
Cool, it was just a proposal. |
| 16 |
|
| 17 |
> * Data needs to be maintained in one central repository. |
| 18 |
|
| 19 |
I never meant to dispute this, i have no problem with storing |
| 20 |
information wherever you like. The .plans, .projects and .pgpkeys in my |
| 21 |
proposal would be a means of easily distributing pgpkeys (for _NON_ |
| 22 |
portage use, eg personal keyrings, encrypting emails, verifying patches, |
| 23 |
etc, etc), and presenting information for interested users that would be |
| 24 |
up to the developer to maintain, eg status updates, project activities, etc. |
| 25 |
|
| 26 |
> * I'm not opposed to offering fingerd as a means of data transport, as long |
| 27 |
> as it pulls data from the central repository mentioned above. |
| 28 |
|
| 29 |
Well, im not so keen on that idea, although not totally opposed if your |
| 30 |
not open to discussion on it. |
| 31 |
|
| 32 |
The proposal was meant as a means for a developer to easily keep some |
| 33 |
information that applies to them personally, and their work on any |
| 34 |
projects, etc. And would be entirely up to them as to the format. |
| 35 |
|
| 36 |
> * I'd also be open to allowing devs the option of *supplementing* the |
| 37 |
> information available via fingerd by creating a .plan or whatever. |
| 38 |
> However, the core info (GPG key, name, herds info, etc.) needs to be |
| 39 |
> maintained in the central repository. |
| 40 |
|
| 41 |
This is essentially what i was proposing. |
| 42 |
|
| 43 |
> Basically, I see the benefits of offering fingerd as a service to our users |
| 44 |
> and am willing to support that, infrastructure-wise. |
| 45 |
|
| 46 |
Excellent! |
| 47 |
|
| 48 |
> I do not agree, however, that fingerd should be the *primary* method of distributing this |
| 49 |
> info. |
| 50 |
|
| 51 |
I totally agree, and would not have proposed this. |
| 52 |
|
| 53 |
> nor do I support the idea of storing critical information such as GPG |
| 54 |
> keys in developer home dirs -- at least not as the primary "official" |
| 55 |
> repository. |
| 56 |
|
| 57 |
well, if by primary repository you mean where secure portage will obtain |
| 58 |
the keys from, i dont mind that at all. The finger server in my proposal |
| 59 |
would be for the benfit of users, and other developers, not a means of |
| 60 |
implementing the improvements to portage. |
| 61 |
|
| 62 |
-- |
| 63 |
------------------------------------- |
| 64 |
taviso@××××××××××××.org | finger me for my gpg key. |
| 65 |
------------------------------------------------------- |
| 66 |
|
| 67 |
-- |
| 68 |
gentoo-dev@g.o mailing list |
Archives