1 |
On 03/25/11 15:15, Torsten Veller wrote: |
2 |
> * Mike Frysinger <vapier@g.o>: |
3 |
>> On Thu, Mar 24, 2011 at 8:09 PM, Antoni Grzymala wrote: |
4 |
> [Manifest signing] |
5 |
>>> Does that get us any closer to GLEPs 57, 58, 59 (or generally |
6 |
>>> approaching the tree-signing/verifying group of problems)? |
7 |
>> |
8 |
>> yes |
9 |
> |
10 |
> I think, it's a "no". |
11 |
> The MetaManifest GLEP relies on a signed top-level "MetaManifest" which |
12 |
> hashes all sub Manifests, whether they are signed or not doesn't matter. |
13 |
|
14 |
I'd say that those are two independent issues. But by starting to figure |
15 |
out how to force signed commits for everyone we at least get the |
16 |
infrastructure done. |
17 |
|
18 |
As long as we have no strict guidelines I don't see any advantage of |
19 |
using signed commits, so I've never used them. Getting a coherent policy |
20 |
for that sounds like a really good idea |
21 |
(key length, expiry time, availability on keyservers etc.) |
22 |
> |
23 |
> I don't see a major advantage to signed portage snapshots we already |
24 |
> offer today. |
25 |
> |
26 |
> |
27 |
> Do you want to reject signed commits if |
28 |
> - keys are not publicly available [1] |
29 |
> - signatures are from expired keys [2] |
30 |
> - keys are revoked [3] |
31 |
> - keys are not listed in userinfo.xml (current or former devs) [4] |
32 |
|
33 |
Yes, yes, yes, and yes :) |
34 |
But since we don't have policies in place yet it's a bit of a mess right |
35 |
now. |
36 |
|
37 |
So. What parameters do we need to agree on? |
38 |
|
39 |
And what's a realistic timeframe *if* we decide to go ahead with it? |
40 |
|
41 |
Waiting for good answers :) |
42 |
|
43 |
Patrick |
44 |
-- |
45 |
Patrick Lauer http://service.gentooexperimental.org |
46 |
|
47 |
Gentoo Council Member and Evangelist |
48 |
Part of Gentoo Benchmarks, Forensics, PostgreSQL, KDE herds |