| 1 |
On 19-02-17 09:55:54, Michał Górny wrote: |
| 2 |
> On Sun, 2019-02-17 at 06:56 +0000, Robin H. Johnson wrote: |
| 3 |
> > On Sat, Feb 16, 2019 at 09:40:21AM +0100, Michał Górny wrote: |
| 4 |
> |
| 5 |
> > 2. The uid signatures should NOT be naively exported to keyservers. They |
| 6 |
> > should use the CAFF method of generating a uid signature, writing it to a file, |
| 7 |
> > and sending it as an encrypted message to the uid address. The uid owner is |
| 8 |
> > responsible for decrypt + sending to servers. This ensures that the email |
| 9 |
> > address and key are still tied together. |
| 10 |
> |
| 11 |
> That sounds like awful requirement of statefulness with requirement of |
| 12 |
> manual manipulation to me, i.e. a can of worms. Do we really need to |
| 13 |
> assume that Gentoo developers will be adding keys they can't use to |
| 14 |
> LDAP? |
| 15 |
> |
| 16 |
|
| 17 |
It could also be a bad actor, though that comes with other concerns. |
| 18 |
The CAFF method is the standard way of handling signatures, switching to |
| 19 |
ldap also switches our trust store to be based on ldap, not developer |
| 20 |
keys (anything can be in ldap). |
| 21 |
|
| 22 |
-- |
| 23 |
Matthew Thode (prometheanfire) |
Archives