| 1 |
>What is the minimum number of bits for inner-keyring keys? developer keys? |
| 2 |
>Will this number change over time to accomodate increased CPU technology? |
| 3 |
|
| 4 |
No, this is a good point to bring up. Once we get nearer to implementation |
| 5 |
we'll make these sort of decisions and keep everyone informed. |
| 6 |
|
| 7 |
>On Sat, Apr 19, 2003 at 01:39:38AM -0500, Joshua Brindle wrote: |
| 8 |
><snip> |
| 9 |
>> Implementation: |
| 10 |
>> |
| 11 |
>> * There will be an inner-keyring of senior developers holding keys. |
| 12 |
>> These keys are the master keys used to sign developer keys. |
| 13 |
>> They are not used to sign data in portage directly. |
| 14 |
>> |
| 15 |
>> *** The exact number of keys and holders has not been decided but |
| 16 |
>> for a developer to be recognized by portage he will have to |
| 17 |
>> have his key signed by the lower bound of N/2 of the inner-ring |
| 18 |
>> keys. For example, if we have 5 inner keys then a developer |
| 19 |
>> will have to have a key signed by at least 2 of them. |
| 20 |
>> |
| 21 |
><snip> |
| 22 |
>> Developer use: |
| 23 |
>> -------------- |
| 24 |
>> * Each developer has one key used exclusively for ebuild signing. |
| 25 |
>> * Each developer must have their key signed by at least the lower |
| 26 |
>> bound of N/2 inner-ring keys. |
| 27 |
>> * Each developer should have a strong passphrase and good |
| 28 |
>> protection for their key. |
| 29 |
>> * Developers will use repoman to digest and sign manifests. |
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
-- |
| 34 |
gentoo-hardened@g.o mailing list |
Archives