Gentoo Archives: gentoo-project

From: Donnie Berkholz <dberkholz@g.o>
To: gentoo-project@l.g.o
Subject: Re: [gentoo-project] Preparations Council meeting 2011-08-09
Date: Thu, 04 Aug 2011 19:56:32
In Reply to: Re: [gentoo-project] Preparations Council meeting 2011-08-09 by Patrick Lauer
On 16:33 Thu 04 Aug     , Patrick Lauer wrote:
> On 08/04/11 15:24, Dane Smith wrote: > >> A small thing which I've brought up for discussion twice (and both times > >> it was mostly ignored), but which I'd really like to see discussed or > >> even agreed on: > >> > >> A simple policy making signed commits mandatory, plus a simple policy on > >> key length, permissible encryption/signature algorithms, and a > >> well-defined place where (public) keys are made available for verifying > >> and checking the validity of the signatures. > >> > >> > > > > IMHO: > > Key Length: 2048 > > Enc/Sig: RSA Signatures, sha256 hashes > As a first iteration I think this is "good enough", we can still discuss > the finer details (but I think that'll mostly be bikeshedding and should > not stop us now from defining an initial standard)
I'm happy to vote on a standard whenever you experts can come up with a concrete set of requirements to propose. -- Thanks, Donnie Donnie Berkholz Council Member / Sr. Developer Gentoo Linux Blog: