Gentoo Archives: gentoo-project

From: Brian Evans <grknight@g.o>
To: gentoo-project@l.g.o
Subject: Re: [gentoo-project] pre-GLEP: Gentoo OpenPGP web of trust
Date: Fri, 01 Feb 2019 14:43:30
Message-Id: 2b8cb50f-7fd2-39c7-5f84-ea03c7806360@gentoo.org
In Reply to: Re: [gentoo-project] pre-GLEP: Gentoo OpenPGP web of trust by "Michał Górny"
On 2/1/2019 1:57 AM, Michał Górny wrote:
> On Thu, 2019-01-31 at 09:21 -0500, Brian Evans wrote: >> On 1/31/2019 8:56 AM, Michał Górny wrote: >> >>> >>> Signature requirements >>> ---------------------- >>> >>> As a final goal of this GLEP, each Gentoo developer will be required >>> to have at least one signature from another Gentoo developer or from >>> member of one of the partner communities present on their >>> ``@gentoo.org`` UID. >> >> -1 >> >> I won't be able to accomplish this as I do not travel and have no >> opportunities to meet with others. Plus, it's just downright awkward. >> I'm sure there are other devs in this same situation. >> > > The most commonly proposed alternative is identity verification via > video chat. Would that also be unachievable for you? > > It would be really nice to get some measure on how many people *really* > can't do it, rather than how many will oppose for the sake of opposing.
This is likely to be difficult if not impossible to accomplish.
> It is funny how many of the people complaining today would actually > quickly get the needed signature if this was required from the start.
It's also funny how a few individuals are suddenly pushing this obscure GPG "Web of Trust" that so few others care about. GnuPG is quite crude and difficult to use and understand. If this requirement becomes mandatory, my time will end at the 6 year mark. I cannot see myself ever being able to fulfill it, which is a shame. This trend of creating difficult barriers is seemingly getting worse in the last few proposals, both for users and developers. I still say this is all a bad idea. Brian

Attachments

File name MIME type
signature.asc application/pgp-signature