| 1 |
Am Donnerstag, 31. Januar 2019, 18:33:25 CET schrieb Rich Freeman: |
| 2 |
> On Thu, Jan 31, 2019 at 8:56 AM Michał Górny <mgorny@g.o> wrote: |
| 3 |
> > 1. It is entirely customary and therefore requires customized software |
| 4 |
> > |
| 5 |
> > to use. In other words, it's of limited usefulness to people outside |
| 6 |
> > Gentoo or does not work out of the box there. |
| 7 |
> |
| 8 |
> This part could be addressed easily by having Gentoo create a signing |
| 9 |
> key, and automatically signing all dev keys based on LDAP using it. |
| 10 |
> Then users can trust that one key and inherit trust for the rest. |
| 11 |
> |
| 12 |
> Users have to opt into the trust model by trusting somebody's key no |
| 13 |
> matter what. No reason that couldn't be a centrally-managed one. |
| 14 |
|
| 15 |
Nitpicking: Gentoo infra would only sign a @gentoo.org uid, and whether it |
| 16 |
should contain a name or not would need to be defined (and published somewhere |
| 17 |
as signature policy). |
| 18 |
|
| 19 |
But yes, that is a (different) obvious way to go. |
| 20 |
|
| 21 |
-- |
| 22 |
Andreas K. Hüttel |
| 23 |
dilfridge@g.o |
| 24 |
Gentoo Linux developer |
| 25 |
(council, toolchain, base-system, perl, libreoffice) |
Archives