1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
On 11/15/2013 01:23 AM, Robin H. Johnson wrote: |
5 |
> You crossed sections, but let's collapse both to: |
6 |
> |
7 |
> Bare minimum requirements: |
8 |
> 3. Key expiry: 6 months min, 3 years max. |
9 |
> Recommendations: |
10 |
> 4.1. Root key: 6 months min, 3 year max; |
11 |
> 4.2. Signing subkey: 3 months min, 1 year max; |
12 |
> 4.3. For both keys, expiry date should always be update at least 1 month before expiry. |
13 |
|
14 |
How are we planning on updating keys on user's systems to verify things? |
15 |
I only ask because 3 months on the signing key means whatever we do |
16 |
needs to happen *securely* every 3 months at most. So like, if we are |
17 |
pushing an ebuild with a keyring then we have to update it every 2 |
18 |
months so keys don't expire and then that would break if the user |
19 |
doesn't update every 3 months... Might be an issue as we try as a whole |
20 |
to keep systems updatable for 1 year. |
21 |
|
22 |
- -Zero |
23 |
-----BEGIN PGP SIGNATURE----- |
24 |
Version: GnuPG v2.0.22 (GNU/Linux) |
25 |
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ |
26 |
|
27 |
iQIcBAEBAgAGBQJShm0zAAoJEKXdFCfdEflK0YcP/jBttkSGpJI6huDHz0VDGyB1 |
28 |
B53cUxTn+yZZcqAlcoeLojhox/Fz2Zhw+J2pNXXOTXC8+FrQ3B25elrEqJGRmMbf |
29 |
uhpuIq2k2PzKOqp6sQHhUTS6bd3vwUnarJO/3jUEzuqT2BsFz0emnkM10CO1G6os |
30 |
EQSMXRl2MDHSlWSVAPkl6SP0F8HRGp5FuBt0f99bNe3wrcAYTvhCrKvZfxgH/E61 |
31 |
Mx0UUaCZaZGg/n9PdB5D6reRgMkKE33SwcK1ReilSnGT+rxM1zTX7UMlXHxLvqgn |
32 |
iSpYVq9tad3ZgukilDRjziKGp3h0q91HTwh8FdyrmylU6ryUBkF3uEL2X31pR2Tz |
33 |
X96MMXfk7BXHCcETTtLvHlsR6OTvvoEqMIk8n3BXpzEoTdvqRFZUe8IlHzii/xMX |
34 |
UO6EFfOWBIepkuX4jRCC68A38zQW/JheW5anZXvhs90+3P271juVN4atHWOIbtDr |
35 |
CzErZV3dQN3bwxtp9PAhoifdFf0AuHtT2/KTpLBSydYzkFIYBTemIm0xCD8NbRbj |
36 |
N8Weu9K/c6fY3KX9HSL7ZP6gd6bAv9CRyf++2hFm9VUq4St+5/tgN9ef9wTlKMg1 |
37 |
XdSUnz70Kq6mPNH9ELrCuGTPNDjwtbRodDPLSiEPI/bftHepiSqVhf518mkJi6Nz |
38 |
WzwWKSV5QsIICdJOPCUj |
39 |
=BCjG |
40 |
-----END PGP SIGNATURE----- |