On Fri, Mar 25, 2011 at 2:57 PM, Dane Smith wrote:
> On 03/25/2011 02:46 PM, Mike Frysinger wrote:
>> On Fri, Mar 25, 2011 at 4:53 AM, Andreas K. Huettel wrote:
>>> Of course now we can add additional requirements:
>>>
>>> * The key must have a userid that refers to an official Gentoo e-mail
>>> address. E.g. dilfridge@g.o
>>
>> no. there's no reason for this requirement, and it prevents proxy
>> maintenance long term. e-mail addresses do not verify identity,
>> verifying identity verifies identity. this is the point of the web of
>> trust.
>
> We are somewhat limited in the amount that we can verify "identity."
> Sure you can get a decent web of trust from signing the keys of people
> you've met at conferences, however, there will be people outside of that
> web.

creating one "tree key" which signs all developer keys listed in LDAP
is trivial to do

> What we need to verify is rather that the person who made the
> commit is someone who is authorized to make the commit and that it was
> in no way tampered with.

you're validating only that the machine with access to the private
keys pushed up the commit. hopefully the only person with said
machine is the one we recruited.
-mike
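The "tree key" proposal above and the proxy-maintainer objection both come down to how GnuPG turns certifications plus ownertrust into key validity. The following is an added example, not code from this thread, from Gentoo infra or from GnuPG itself: a small model of GnuPG's classic trust model with its default knobs (--completes-needed 1, --marginals-needed 3, --max-cert-depth 5), run over a constructed keyring in which a tree key certifies every LDAP-listed developer and a proxy maintainer is certified only by two developers. All fingerprints ("TREE", "DEV_A", "PROXIED", ...) are made-up labels, and the certifications are assumed to have already been cryptographically verified, as gpg does before it evaluates trust.

```python
"""Toy of the GnuPG 'classic' trust model applied to the tree-key idea.

Added example, not code from the gentoo-dev thread or from Gentoo infra.
Assumptions: certifications listed here have already been cryptographically
verified (gpg does that before evaluating trust), the fingerprints are made-up
labels, and gpg's defaults are used (--completes-needed 1,
--marginals-needed 3, --max-cert-depth 5).
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Ownertrust: how far we trust a key's OWNER to certify other people's keys.
ULTIMATE, FULL, MARGINAL, UNKNOWN = "ultimate", "full", "marginal", "unknown"
# Validity: how sure we are that a key really belongs to its user ID.
VALID, MARGINALLY_VALID, NOT_VALID = "valid", "marginal", "unknown"

COMPLETES_NEEDED = 1   # one fully trusted certifier is enough
MARGINALS_NEEDED = 3   # or three marginally trusted certifiers
MAX_CERT_DEPTH = 5     # how far certification chains may propagate


@dataclass
class Keyring:
    ownertrust: dict[str, str] = field(default_factory=dict)  # fpr -> level
    certs: dict[str, set[str]] = field(default_factory=dict)  # signed -> signers

    def certify(self, signer: str, signed: str) -> None:
        """Record that `signer` has signed (certified) the key `signed`."""
        self.certs.setdefault(signed, set()).add(signer)

    def trust(self, fpr: str) -> str:
        return self.ownertrust.get(fpr, UNKNOWN)

    def validity(self) -> dict[str, str]:
        """Compute validity of every key, GnuPG style: ultimately trusted keys
        are valid by definition; other keys become valid when enough *valid*
        keys whose owners we trust have certified them."""
        valid = {f for f, t in self.ownertrust.items() if t == ULTIMATE}
        result = {f: VALID for f in valid}
        for _depth in range(MAX_CERT_DEPTH):
            newly_valid = set()
            for key, signers in self.certs.items():
                if key in valid:
                    continue
                # Only certifications by keys that are themselves valid count.
                full = sum(1 for s in signers
                           if s in valid and self.trust(s) in (ULTIMATE, FULL))
                marg = sum(1 for s in signers
                           if s in valid and self.trust(s) == MARGINAL)
                if full >= COMPLETES_NEEDED or marg >= MARGINALS_NEEDED:
                    newly_valid.add(key)
                elif marg >= 1:
                    result[key] = MARGINALLY_VALID
            if not newly_valid:
                break
            valid |= newly_valid
            result.update({k: VALID for k in newly_valid})
        return result

    def is_authorized_committer(self, fpr: str) -> bool:
        """A commit signature checks out only if the signing key is fully valid.
        What this proves: the key is bound to its user ID by the certification
        chain, and some machine holding the private key made the signature.
        What it does not prove: who was sitting at that machine."""
        return self.validity().get(fpr, NOT_VALID) == VALID


def gentoo_like_keyring(dev_a_trust: str = MARGINAL) -> Keyring:
    """Constructed scenario. TREE is the infra 'tree key' that certifies every
    developer key listed in LDAP; PROXIED is a proxy maintainer whose key is
    certified only by two developers, not by the tree key."""
    kr = Keyring()
    kr.ownertrust["TREE"] = ULTIMATE           # the verifying machine's own key
    kr.ownertrust["DEV_A"] = dev_a_trust
    kr.ownertrust["DEV_B"] = MARGINAL
    for dev in ("DEV_A", "DEV_B", "DEV_C"):    # LDAP-listed developers
        kr.certify("TREE", dev)
    kr.certify("DEV_A", "PROXIED")
    kr.certify("DEV_B", "PROXIED")
    kr.certify("STRANGER", "PROXIED")          # a signature from nobody we know
    return kr


if __name__ == "__main__":
    for label, kr in (("marginal devs", gentoo_like_keyring()),
                      ("DEV_A fully trusted", gentoo_like_keyring(FULL))):
        print(label, kr.validity(),
              "PROXIED may commit:", kr.is_authorized_committer("PROXIED"))
```

With the defaults, every key the tree key certifies is fully valid after one certification, while the proxy maintainer's key is only marginally valid (two marginal certifiers, none full) and would be rejected; raising DEV_A's ownertrust to full makes it valid, which is the web-of-trust path that a userid-based rule would close off. In real GnuPG terms the tree key signs each LDAP fingerprint with `gpg --sign-key`, the verifying host sets ownertrust with `gpg --import-ownertrust`, and `gpg --check-trustdb` performs the calculation modelled here; a passing `git verify-commit` then still establishes only what the last paragraph above says, that a machine holding the private key produced the signature.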