1 |
On 19-02-17 09:55:54, Michał Górny wrote: |
2 |
> On Sun, 2019-02-17 at 06:56 +0000, Robin H. Johnson wrote: |
3 |
> > On Sat, Feb 16, 2019 at 09:40:21AM +0100, Michał Górny wrote: |
4 |
> |
5 |
> > 2. The uid signatures should NOT be naively exported to keyservers. They |
6 |
> > should use the CAFF method of generating a uid signature, writing it to a file, |
7 |
> > and sending it as an encrypted message to the uid address. The uid owner is |
8 |
> > responsible for decrypt + sending to servers. This ensures that the email |
9 |
> > address and key are still tied together. |
10 |
> |
11 |
> That sounds like awful requirement of statefulness with requirement of |
12 |
> manual manipulation to me, i.e. a can of worms. Do we really need to |
13 |
> assume that Gentoo developers will be adding keys they can't use to |
14 |
> LDAP? |
15 |
> |
16 |
|
17 |
It could also be a bad actor, though that comes with other concerns. |
18 |
The CAFF method is the standard way of handling signatures, switching to |
19 |
ldap also switches our trust store to be based on ldap, not developer |
20 |
keys (anything can be in ldap). |
21 |
|
22 |
-- |
23 |
Matthew Thode (prometheanfire) |