1 |
On Mon, Aug 11, 2003 at 09:33:14AM -0400, Kurt Lieber wrote: |
2 |
> |
3 |
> The efforts we have underway with secure portage will require developers to |
4 |
> have and maintain a GPG key. It will also require them to place said key |
5 |
> on a public keyserver. |
6 |
> |
7 |
|
8 |
Cool, problem solved. |
9 |
|
10 |
> Well, at this point, I'm inclined to reject this GLEP and/or ask you to |
11 |
> re-work it to incorporate some of the changes suggested by myself and |
12 |
> others. Specifically: |
13 |
> |
14 |
|
15 |
Cool, it was just a proposal. |
16 |
|
17 |
> * Data needs to be maintained in one central repository. |
18 |
|
19 |
I never meant to dispute this, i have no problem with storing |
20 |
information wherever you like. The .plans, .projects and .pgpkeys in my |
21 |
proposal would be a means of easily distributing pgpkeys (for _NON_ |
22 |
portage use, eg personal keyrings, encrypting emails, verifying patches, |
23 |
etc, etc), and presenting information for interested users that would be |
24 |
up to the developer to maintain, eg status updates, project activities, etc. |
25 |
|
26 |
> * I'm not opposed to offering fingerd as a means of data transport, as long |
27 |
> as it pulls data from the central repository mentioned above. |
28 |
|
29 |
Well, im not so keen on that idea, although not totally opposed if your |
30 |
not open to discussion on it. |
31 |
|
32 |
The proposal was meant as a means for a developer to easily keep some |
33 |
information that applies to them personally, and their work on any |
34 |
projects, etc. And would be entirely up to them as to the format. |
35 |
|
36 |
> * I'd also be open to allowing devs the option of *supplementing* the |
37 |
> information available via fingerd by creating a .plan or whatever. |
38 |
> However, the core info (GPG key, name, herds info, etc.) needs to be |
39 |
> maintained in the central repository. |
40 |
|
41 |
This is essentially what i was proposing. |
42 |
|
43 |
> Basically, I see the benefits of offering fingerd as a service to our users |
44 |
> and am willing to support that, infrastructure-wise. |
45 |
|
46 |
Excellent! |
47 |
|
48 |
> I do not agree, however, that fingerd should be the *primary* method of distributing this |
49 |
> info. |
50 |
|
51 |
I totally agree, and would not have proposed this. |
52 |
|
53 |
> nor do I support the idea of storing critical information such as GPG |
54 |
> keys in developer home dirs -- at least not as the primary "official" |
55 |
> repository. |
56 |
|
57 |
well, if by primary repository you mean where secure portage will obtain |
58 |
the keys from, i dont mind that at all. The finger server in my proposal |
59 |
would be for the benfit of users, and other developers, not a means of |
60 |
implementing the improvements to portage. |
61 |
|
62 |
-- |
63 |
------------------------------------- |
64 |
taviso@××××××××××××.org | finger me for my gpg key. |
65 |
------------------------------------------------------- |
66 |
|
67 |
-- |
68 |
gentoo-dev@g.o mailing list |