1 |
On 13 February 2013 15:07, Michael Weber <xmw@g.o> wrote: |
2 |
> On 02/13/2013 12:28 AM, Robin H. Johnson wrote: |
3 |
>> On Wed, Feb 13, 2013 at 12:12:35AM +0100, Michael Weber wrote: |
4 |
>>> On 02/12/2013 10:14 PM, William Hubbs wrote: |
5 |
>>>> If you have any questions on this, please feel free to let us |
6 |
>>>> know. |
7 |
>>> What is the rotation strategy for (near) outdated keys? |
8 |
>>> Alter the key or create a new one? Sign the new with the old one? |
9 |
>> If your keysize is still good, you should ideally update the expiry on |
10 |
>> the key and re-upload it to keyservers. |
11 |
> Can you commit this to the document, please? |
12 |
> |
13 |
>>> IMHO the answer to these questions is not obvious nor given by (our) |
14 |
>>> docu [1]. |
15 |
>> I'm pretty sure it was in the devrel developer handbook at one point, |
16 |
>> along with instructions to create your key, but I can't find it now. |
17 |
>> |
18 |
>>> Maybe, add "keep ldap id/fingerprint synchronized" there, too. |
19 |
>> http://www.gentoo.org/proj/en/infrastructure/ldap.xml#doc_chap3 |
20 |
> That does tell how to update the data, but does not suggest to do so. |
21 |
> |
22 |
> My main concern is the cross-referencing of our documentation. |
23 |
> I'm aware that there is a ton of documentation splattered all over the |
24 |
> place |
25 |
> and outside our infra. |
26 |
> But besides the "non-trivial" step to become a dev (as mentioned last week) |
27 |
> there is a certain non-trivial step to keep one, esp. by gathering the |
28 |
> non-routine informations and fast-forward developments. |
29 |
|
30 |
All pertinent information should be in the devmanual. If it's not, |
31 |
then this omission should be fixed as soon as possible. There is no |
32 |
reason to keep this scattered over multiple locations. |
33 |
|
34 |
-- |
35 |
Cheers, |
36 |
|
37 |
Ben | yngwin |
38 |
Gentoo developer |
39 |
Gentoo Qt project lead, Gentoo Wiki admin |