On Thursday, 31 January 2019, 18:33:25 CET, Rich Freeman wrote:
> On Thu, Jan 31, 2019 at 8:56 AM Michał Górny <mgorny@g.o> wrote:
> > 1. It is entirely customary and therefore requires customized software
> > to use. In other words, it's of limited usefulness to people outside
> > Gentoo or does not work out of the box there.
>
> This part could be addressed easily by having Gentoo create a signing
> key, and automatically signing all dev keys based on LDAP using it.
> Then users can trust that one key and inherit trust for the rest.
>
> Users have to opt into the trust model by trusting somebody's key no
> matter what. No reason that couldn't be a centrally-managed one.

Nitpicking: Gentoo infra would only sign a @gentoo.org uid, and whether it
should contain a name or not would need to be defined (and published somewhere
as signature policy).

But yes, that is a (different) obvious way to go.

--
Andreas K. Hüttel
dilfridge@g.o
Gentoo Linux developer
(council, toolchain, base-system, perl, libreoffice)