| 1 |
On 13 February 2013 15:07, Michael Weber <xmw@g.o> wrote: |
| 2 |
> On 02/13/2013 12:28 AM, Robin H. Johnson wrote: |
| 3 |
>> On Wed, Feb 13, 2013 at 12:12:35AM +0100, Michael Weber wrote: |
| 4 |
>>> On 02/12/2013 10:14 PM, William Hubbs wrote: |
| 5 |
>>>> If you have any questions on this, please feel free to let us |
| 6 |
>>>> know. |
| 7 |
>>> What is the rotation strategy for (near) outdated keys? |
| 8 |
>>> Alter the key or create a new one? Sign the new with the old one? |
| 9 |
>> If your keysize is still good, you should ideally update the expiry on |
| 10 |
>> the key and re-upload it to keyservers. |
| 11 |
> Can you commit this to the document, please? |
| 12 |
> |
| 13 |
>>> IMHO the answer to these questions is not obvious nor given by (our) |
| 14 |
>>> docu [1]. |
| 15 |
>> I'm pretty sure it was in the devrel developer handbook at one point, |
| 16 |
>> along with instructions to create your key, but I can't find it now. |
| 17 |
>> |
| 18 |
>>> Maybe, add "keep ldap id/fingerprint synchronized" there, too. |
| 19 |
>> http://www.gentoo.org/proj/en/infrastructure/ldap.xml#doc_chap3 |
| 20 |
> That does tell how to update the data, but does not suggest to do so. |
| 21 |
> |
| 22 |
> My main concern is the cross-referencing of our documentation. |
| 23 |
> I'm aware that there is a ton of documentation splattered all over the |
| 24 |
> place |
| 25 |
> and outside our infra. |
| 26 |
> But besides the "non-trivial" step to become a dev (as mentioned last week) |
| 27 |
> there is a certain non-trivial step to keep one, esp. by gathering the |
| 28 |
> non-routine informations and fast-forward developments. |
| 29 |
|
| 30 |
All pertinent information should be in the devmanual. If it's not, |
| 31 |
then this omission should be fixed as soon as possible. There is no |
| 32 |
reason to keep this scattered over multiple locations. |
| 33 |
|
| 34 |
-- |
| 35 |
Cheers, |
| 36 |
|
| 37 |
Ben | yngwin |
| 38 |
Gentoo developer |
| 39 |
Gentoo Qt project lead, Gentoo Wiki admin |
Archives