>What is the minimum number of bits for inner-keyring keys? developer keys?
>Will this number change over time to accommodate increased CPU technology?

No, this is a good point to bring up. Once we get nearer to implementation
we'll make these sorts of decisions and keep everyone informed.

>On Sat, Apr 19, 2003 at 01:39:38AM -0500, Joshua Brindle wrote:
><snip>
>> Implementation:
>>
>> * There will be an inner-keyring of senior developers holding keys.
>> These keys are the master keys used to sign developer keys.
>> They are not used to sign data in portage directly.
>>
>> *** The exact number of keys and holders has not been decided but
>> for a developer to be recognized by portage he will have to
>> have his key signed by the lower bound of N/2 of the inner-ring
>> keys. For example, if we have 5 inner keys then a developer
>> will have to have a key signed by at least 2 of them.
>>
><snip>
>> Developer use:
>> --------------
>> * Each developer has one key used exclusively for ebuild signing.
>> * Each developer must have their key signed by at least the lower
>> bound of N/2 inner-ring keys.
>> * Each developer should have a strong passphrase and good
>> protection for their key.
>> * Developers will use repoman to digest and sign manifests.

--
gentoo-hardened@g.o mailing list
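
The recognition rule quoted above (a developer key needs signatures from at least the lower bound of N/2 inner-ring keys), as an added Python example that is not part of the original post or of portage. It assumes the input is a colon-delimited listing as produced by `gpg --check-sigs --with-colons`; the key IDs, the sample listing and the function names are constructed for illustration.

```python
# Added example: evaluate the "lower bound of N/2" rule from the quoted proposal.
# Fields relied on in each "sig" record: 1 = record type, 2 = validity marker
# ("!" good, "-" bad, "?" no public key), 5 = signer key ID.

# Hypothetical inner-ring key IDs (N = 5), constructed.
INNER_RING = {"AAAA00000000000%d" % i for i in range(1, 6)}

# Constructed listing for one developer key.
SAMPLE_LISTING = """\
pub:-:1024:17:DDDD00000000000A:1050000000:::-:::scESC:
uid:-::::1050000000::X::Dev One <dev1@example.org>:
sig:!::17:DDDD00000000000A:1050000000::::Dev One <dev1@example.org>:13x:
sig:!::17:AAAA000000000001:1050000100::::Senior A:10x:
sig:!::17:AAAA000000000001:1050000200::::Senior A:10x:
sig:-::17:AAAA000000000002:1050000300::::Senior B:10x:
sig:?::17:EEEE00000000000F:1050000400::::[User ID not found]:10x:
sig:!::17:AAAA000000000003:1050000500::::Senior C:10x:
"""

def required_signatures(ring_size):
    """Lower bound of N/2, as stated in the quoted proposal (5 keys -> 2)."""
    return ring_size // 2

def good_inner_signers(listing, inner_ring):
    """Return the distinct inner-ring key IDs with a verified signature."""
    signers = set()
    for line in listing.splitlines():
        fields = line.split(":")
        if len(fields) < 5 or fields[0] != "sig":
            continue                      # only signature records count
        if not fields[1].startswith("!"):
            continue                      # bad or unverifiable signature
        if fields[4] in inner_ring:       # self-sigs and outsiders are ignored
            signers.add(fields[4])        # a set, so repeat sigs count once
    return signers

def is_recognized(listing, inner_ring):
    """True if the developer key meets the inner-ring threshold."""
    if not inner_ring:
        return False                      # an empty ring can vouch for no one
    needed = required_signatures(len(inner_ring))
    return len(good_inner_signers(listing, inner_ring)) >= needed

if __name__ == "__main__":
    print(sorted(good_inner_signers(SAMPLE_LISTING, INNER_RING)))
    print(is_recognized(SAMPLE_LISTING, INNER_RING))
```

Counting distinct key IDs rather than signature records matters here: the sample key carries two signatures from the same inner-ring key, which must count as one toward the threshold.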