| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA256 |
| 3 |
|
| 4 |
On 08/01/2011 05:51 PM, Patrick Lauer wrote: |
| 5 |
> On 07/29/11 19:55, Fabian Groffen wrote: |
| 6 |
>> With a bit more than a week ahead of us for the next council |
| 7 |
>> meeting, I'd like to start preparing the agenda, given that current |
| 8 |
>> practice still is to send it out a week in advance. |
| 9 |
> |
| 10 |
> A small thing which I've brought up for discussion twice (and both |
| 11 |
> times it was mostly ignored), but which I'd really like to see |
| 12 |
> discussed or even agreed on: |
| 13 |
> |
| 14 |
> A simple policy making signed commits mandatory, plus a simple policy |
| 15 |
> on key length, permissible encryption/signature algorithms, and a |
| 16 |
> well-defined place where (public) keys are made available for |
| 17 |
> verifying and checking the validity of the signatures. |
| 18 |
> |
| 19 |
> |
| 20 |
> It would greatly improve the current status quo and remove any |
| 21 |
> ambiguity which might motivate people to use a 4-bit key for signing |
| 22 |
> to be within the letter of the law. |
| 23 |
> |
| 24 |
> |
| 25 |
> Thanks, |
| 26 |
> |
| 27 |
> Patrick |
| 28 |
> |
| 29 |
|
| 30 |
I second this. |
| 31 |
|
| 32 |
The Developer's Handbook specifies[1] that a DSA key with a minimum 1024 |
| 33 |
bit length is required, but not whether 'DSA and Elgamal' or 'DSA (sign |
| 34 |
only)' should be used, and it does not specify to which key server the |
| 35 |
key must be submitted. |
| 36 |
|
| 37 |
Inquiring minds need to know. |
| 38 |
|
| 39 |
- - Aaron |
| 40 |
|
| 41 |
[1] http://www.gentoo.org/proj/en/devrel/handbook/handbook.xml?part=2&chap=6 |
| 42 |
-----BEGIN PGP SIGNATURE----- |
| 43 |
Version: GnuPG v2.0.17 (GNU/Linux) |
| 44 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ |
| 45 |
|
| 46 |
iF4EAREIAAYFAk43L1MACgkQCOhwUhu5AEkRIQD9EEn6+lXi5CHmqxLh0ltCQY41 |
| 47 |
w9Kh+Ck2KOnH+QDPUvMA/2gL13ROr6fZDgyufKrS6yCA4LFxkigs2d0hAkw9V6ce |
| 48 |
=Tm3U |
| 49 |
-----END PGP SIGNATURE----- |
Archives