Gentoo Archives: gentoo-dev

From: "Robin H. Johnson" <robbat2@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Re: [gentoo-dev-announce] please sign your manifests
Date: Tue, 12 Feb 2013 23:29:01
Message-Id: robbat2-20130212T232231-456669261Z@orbis-terrarum.net
In Reply to: [gentoo-dev] Re: [gentoo-dev-announce] please sign your manifests by Michael Weber
1 On Wed, Feb 13, 2013 at 12:12:35AM +0100, Michael Weber wrote:
2 > On 02/12/2013 10:14 PM, William Hubbs wrote:
3 > > If you have any questions on this, please feel free to let us
4 > > know.
5 > What is the rotation strategy for (near) outdated keys?
6 > Alter the key or create a new one? Sign the new with the old one?
7 If your keysize is still good, you should ideally update the expiry on
8 the key and re-upload it to keyservers.
9
10 > IMHO the answer to these questions is not obvious nor given by (our)
11 > docu [1].
12 I'm pretty sure it was in the devrel developer handbook at one point,
13 along with instructions to create your key, but I can't find it now.
14
15 > Maybe, add "keep ldap id/fingerprint synchronized" there, too.
16 http://www.gentoo.org/proj/en/infrastructure/ldap.xml#doc_chap3
17
18 --
19 Robin Hugh Johnson
20 Gentoo Linux: Developer, Trustee & Infrastructure Lead
21 E-Mail : robbat2@g.o
22 GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85

Replies