| 1 |
On 01/04/2017 11:47 AM, Kristian Fiskerstrand wrote: |
| 2 |
> On 01/04/2017 06:58 PM, Kristian Fiskerstrand wrote: |
| 3 |
>> With increasing focus on security in various contexts I'd like to |
| 4 |
>> propose that we start discussing catching up with other distributions |
| 5 |
>> and start requiring new developers' OpenPGP keyblocks to have at least |
| 6 |
>> two signatures from existing developers before applications can be |
| 7 |
>> made[A]. Amongst other things This helps building the Gentoo Web of Trust. |
| 8 |
>> |
| 9 |
> |
| 10 |
> Since the qa-report one is down, this is the current Gentoo WoT: |
| 11 |
> https://download.sumptuouscapital.com/gentoo/gentoo-devs.png |
| 12 |
> |
| 13 |
|
| 14 |
Strange, I don't see myself or chutzpah on that image, but we exchanged |
| 15 |
keys in person and signed each other's keys. Is there something off in |
| 16 |
the relation of our keys? |
| 17 |
|
| 18 |
-- |
| 19 |
Daniel Campbell - Gentoo Developer |
| 20 |
OpenPGP Key: 0x1EA055D6 @ hkp://keys.gnupg.net |
| 21 |
fpr: AE03 9064 AE00 053C 270C 1DE4 6F7A 9091 1EA0 55D6 |
Archives
