Gentoo Archives: gentoo-nfp

From: "Andreas K. Huettel" <dilfridge@g.o>
To: gentoo-nfp@l.g.o
Subject: Re: [gentoo-nfp] Re: PGP fingerprints of Foundation members (item for Trustees meeting)
Date: Fri, 04 Aug 2017 03:51:45
Message-Id: 6816941.jZOj2AacRr@porto
In Reply to: [gentoo-nfp] Re: PGP fingerprints of Foundation members (item for Trustees meeting) by Roy Bamford
> > >Apparently, the Foundation only has a list of PGP key IDs in
> > >https://wiki.gentoo.org/wiki/Foundation:Member_List. Even worse, most
> > >IDs listed there are only 32 bit IDs, providing no security at all.
> > >
> > >I would like to ask the Foundation to keep a list with the (160 bit)
> > >PGP fingerprints of its members. (For developers, this information
> > >should be readily available in LDAP.)
> > >
> > >Ulrich
>
> What do we need to prove?
>
> That the key belongs to a given individual or just that the key on the
> vote is the same as the key used for the membership application?
>

That the key on the vote is the same as the key used for the membership
application.

This is impossible without the full fingerprint.
And with only the short keyid it's trivial to hack.

--
Andreas K. Hüttel
dilfridge@g.o
Gentoo Linux developer (council, perl, libreoffice)
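
Added example, not part of the original message or of any Gentoo tooling: a sketch of the check discussed in this thread, comparing the key on a vote with the key on the membership application by full 160-bit fingerprint and flagging member-list entries that record only a key ID. The function names, member names and all hex values are constructed for illustration.

```python
import hmac
import re

HEX = re.compile(r"^[0-9A-F]+$")

def normalize(key_ref: str) -> str:
    """Strip spaces, colons and an optional 0x prefix; return upper-case hex."""
    s = re.sub(r"[\s:]", "", key_ref)
    if s[:2].lower() == "0x":
        s = s[2:]
    s = s.upper()
    if not HEX.match(s):
        raise ValueError(f"not hexadecimal: {key_ref!r}")
    return s

def classify(key_ref: str) -> str:
    """Name the kind of OpenPGP v4 identifier by its length in hex digits."""
    kinds = {8: "short-id", 16: "long-id", 40: "fingerprint"}
    return kinds.get(len(normalize(key_ref)), "invalid")

def short_id(fingerprint: str) -> str:
    """A v4 short key ID is the low-order 32 bits of the fingerprint."""
    return normalize(fingerprint)[-8:]

def same_key(application_ref: str, vote_ref: str) -> bool:
    """True only if both references are full fingerprints and identical."""
    a, v = normalize(application_ref), normalize(vote_ref)
    if len(a) != 40 or len(v) != 40:
        raise ValueError("full 160-bit fingerprint required on both sides")
    return hmac.compare_digest(a, v)

def audit(member_list: dict) -> list:
    """Return members whose recorded key reference is not a full fingerprint."""
    return sorted(m for m, ref in member_list.items()
                  if classify(ref) != "fingerprint")

# Constructed sample values, not real keys. The two fingerprints differ
# but end in the same 32 bits, so their short key IDs are identical.
APPLICATION_FPR = "0123 4567 89AB CDEF 0123  4567 89AB CDEF DEAD BEEF"
VOTE_FPR = "FEDCBA9876543210FEDCBA9876543210DEADBEEF"
MEMBERS = {"alice": "0xDEADBEEF", "bob": APPLICATION_FPR,
           "carol": "89ABCDEFDEADBEEF"}

if __name__ == "__main__":
    print("short IDs equal:", short_id(APPLICATION_FPR) == short_id(VOTE_FPR))
    print("same key:", same_key(APPLICATION_FPR, VOTE_FPR))
    print("entries lacking a fingerprint:", audit(MEMBERS))
```
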