On Wed, Jan 4, 2017 at 6:58 PM, Kristian Fiskerstrand <k_f@g.o> wrote:
> With increasing focus on security in various contexts I'd like to
> propose that we start discussing catching up with other distributions
> and start requiring new developers' OpenPGP keyblocks to have at least
> two signatures from existing developers before applications can be
> made[A]. Amongst other things, this helps building the Gentoo Web of Trust.

I like your proposal in abstracto (and I have the good luck of having
been at FOSDEM once, where I gathered some signatures, including
yours), but I agree with Rich and Michał in that I'm not sure how this
is practical, in the sense of not putting up another pretty big
barrier to entry for new developers. Do you have an idea for this in
mind that does not actually require expensive (in time and money) IRL
meetings?

Cheers,

Dirkjan