Gentoo Archives: gentoo-project

From: Patrick Lauer <patrick@g.o>
To: gentoo-project@l.g.o
Subject: Re: [gentoo-project] Preparations Council meeting 2011-08-09
Date: Thu, 04 Aug 2011 14:34:18
In Reply to: Re: [gentoo-project] Preparations Council meeting 2011-08-09 by Dane Smith

On 08/04/11 15:24, Dane Smith wrote:
>> A small thing which I've brought up for discussion twice (and both times
>> it was mostly ignored), but which I'd really like to see discussed or
>> even agreed on:
>>
>> A simple policy making signed commits mandatory, plus a simple policy on
>> key length, permissible encryption/signature algorithms, and a
>> well-defined place where (public) keys are made available for verifying
>> and checking the validity of the signatures.
>>
>>
>
> IMHO:
> Key Length: 2048
> Enc/Sig: RSA Signatures, sha256 hashes

As a first iteration I think this is "good enough"; we can still discuss the finer details (but I think that'll mostly be bikeshedding and should not stop us now from defining an initial standard).

> Last part: Still working on that.

Can we store the keys in LDAP? If yes, it would be trivial to write a cute little script that just generates a tarball of them all and puts it somewhere in the public webspace.

