| 1 |
On Thursday, September 29, 2011 12:48:35 Mr. Aaron W. Swenson wrote: |
| 2 |
> Well, there's a bit more to it than that. 'repoman' must enforce the usage |
| 3 |
> of keys or die if it can't. |
| 4 |
|
| 5 |
there's already bugs open for this. 298605 and 313601. if you want to |
| 6 |
accelerate things, then chip in and update repoman. |
| 7 |
|
| 8 |
> Also, the Dev Handbook only says 'can', it needs to be changed to |
| 9 |
> 'must'. |
| 10 |
|
| 11 |
that is the summary of the article which describes what the page is for, not |
| 12 |
the policy it enforces. |
| 13 |
|
| 14 |
> I'd also drop the bit about expiration. Instead, I'd change it to |
| 15 |
> read "expires no sooner than 6 months". You know, to give the key a moment |
| 16 |
> to be recognized by some people, perhaps even marginally trusted by |
| 17 |
> someone. |
| 18 |
|
| 19 |
i'm fine with extending the length of the key. i think last time this came |
| 20 |
up, so was everyone else. the point was more disallowing keys that never |
| 21 |
expire. |
| 22 |
|
| 23 |
but this doesn't stop anyone from signing their manifests today. |
| 24 |
|
| 25 |
> What really matters is that it is an unexpired, valid key. |
| 26 |
|
| 27 |
no, what matters is that the key is unexpired/valid at the time the signature |
| 28 |
was made, and not revoked after that (simply because it expired ... revoking |
| 29 |
because of compromise is obviously OK). |
| 30 |
-mike |
Archives