| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
On 11/15/2013 01:23 AM, Robin H. Johnson wrote: |
| 5 |
> You crossed sections, but let's collapse both to: |
| 6 |
> |
| 7 |
> Bare minimum requirements: |
| 8 |
> 3. Key expiry: 6 months min, 3 years max. |
| 9 |
> Recommendations: |
| 10 |
> 4.1. Root key: 6 months min, 3 year max; |
| 11 |
> 4.2. Signing subkey: 3 months min, 1 year max; |
| 12 |
> 4.3. For both keys, expiry date should always be update at least 1 month before expiry. |
| 13 |
|
| 14 |
How are we planning on updating keys on user's systems to verify things? |
| 15 |
I only ask because 3 months on the signing key means whatever we do |
| 16 |
needs to happen *securely* every 3 months at most. So like, if we are |
| 17 |
pushing an ebuild with a keyring then we have to update it every 2 |
| 18 |
months so keys don't expire and then that would break if the user |
| 19 |
doesn't update every 3 months... Might be an issue as we try as a whole |
| 20 |
to keep systems updatable for 1 year. |
| 21 |
|
| 22 |
- -Zero |
| 23 |
-----BEGIN PGP SIGNATURE----- |
| 24 |
Version: GnuPG v2.0.22 (GNU/Linux) |
| 25 |
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ |
| 26 |
|
| 27 |
iQIcBAEBAgAGBQJShm0zAAoJEKXdFCfdEflK0YcP/jBttkSGpJI6huDHz0VDGyB1 |
| 28 |
B53cUxTn+yZZcqAlcoeLojhox/Fz2Zhw+J2pNXXOTXC8+FrQ3B25elrEqJGRmMbf |
| 29 |
uhpuIq2k2PzKOqp6sQHhUTS6bd3vwUnarJO/3jUEzuqT2BsFz0emnkM10CO1G6os |
| 30 |
EQSMXRl2MDHSlWSVAPkl6SP0F8HRGp5FuBt0f99bNe3wrcAYTvhCrKvZfxgH/E61 |
| 31 |
Mx0UUaCZaZGg/n9PdB5D6reRgMkKE33SwcK1ReilSnGT+rxM1zTX7UMlXHxLvqgn |
| 32 |
iSpYVq9tad3ZgukilDRjziKGp3h0q91HTwh8FdyrmylU6ryUBkF3uEL2X31pR2Tz |
| 33 |
X96MMXfk7BXHCcETTtLvHlsR6OTvvoEqMIk8n3BXpzEoTdvqRFZUe8IlHzii/xMX |
| 34 |
UO6EFfOWBIepkuX4jRCC68A38zQW/JheW5anZXvhs90+3P271juVN4atHWOIbtDr |
| 35 |
CzErZV3dQN3bwxtp9PAhoifdFf0AuHtT2/KTpLBSydYzkFIYBTemIm0xCD8NbRbj |
| 36 |
N8Weu9K/c6fY3KX9HSL7ZP6gd6bAv9CRyf++2hFm9VUq4St+5/tgN9ef9wTlKMg1 |
| 37 |
XdSUnz70Kq6mPNH9ELrCuGTPNDjwtbRodDPLSiEPI/bftHepiSqVhf518mkJi6Nz |
| 38 |
WzwWKSV5QsIICdJOPCUj |
| 39 |
=BCjG |
| 40 |
-----END PGP SIGNATURE----- |
Archives