On 10/29/2013 09:23 PM, Andreas K. Huettel wrote:
> In two weeks from now, the council will again have its regular monthly
> meeting. Now is the time to raise and prepare items that the council should
> put on the agenda to discuss or vote on.

Request: A minimal policy for pgp keys and key handling (for commit signing)

- Define the allowed key parameters:
  e.g. 2048-bit RSA or DSA, validity at least 6 months

- Define a canonical location (e.g. in LDAP and on at least one
  keyserver) where every dev's key is accessible (at least to gentoo infra)

- Define a location of a (signed, autoupdated) global keyring that is
  accessible to all interested parties (e.g.
  http://www.gentoo.org/keyring.txt )

That's the first stage that can be done now without big problems, and it
can be amended at any later time if there are any deficiencies.
(so if we agree that 2048 bits are not enough we just fix it to 4096 bits
and a three-month migration time)

With that in place we can make commit signing mandatory (because right
now we don't even have a way to fetch all keys, so it's worse than
useless).

And then as a third stage we can discuss things like, say, disabling
commit access when the key is less than a month valid (after sending
some automated warning mails, yes?) and other ways to make this meaningful.

But - let's not get carried away in a big debate about how the NSA has
infiltrated the minds of at least three devs, so we need four signatures
on every commit before it goes live, and other unrelated madness. Just
define the minimum set of rules to make signing useful, and then figure
out how to enforce it.

(As a sidenote, someone might want to figure out how to do remote signed
commits - last time this was discussed I think there were some minor
issues that should be worked out so that we're all not too affected with
workflow changes)

Thanks,

Patrick
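
Added example (not part of the original message, and not Gentoo infra code): a check of a keyring listing against the example parameters proposed above, including the third-stage expiry warning. It assumes `gpg --with-colons` output with epoch timestamps; the thresholds, the 183-day reading of "6 months", the treatment of keys without expiry, and the sample keys are assumptions or constructed.

```python
from datetime import datetime, timedelta, timezone

# Thresholds are the message's own "e.g." values, not an adopted policy.
ALLOWED_ALGOS = {1: "RSA", 17: "DSA"}  # OpenPGP public-key algorithm IDs
MIN_BITS = 2048
MIN_LIFETIME = timedelta(days=183)  # assumption: "6 months", creation to expiry
WARN_BEFORE = timedelta(days=30)    # third stage: less than a month left

# Constructed sample records in `gpg --with-colons --list-keys` format.
# Fields used: 3 = key length, 4 = algorithm, 5 = key ID, 6 = created, 7 = expires.
SAMPLE = """\
pub:-:4096:1:AAAAAAAAAAAAAAAA:1380000000:1450000000::-:::scESC:
pub:-:1024:17:BBBBBBBBBBBBBBBB:1100000000:::-:::scESC:
pub:-:2048:1:CCCCCCCCCCCCCCCC:1380000000:1385000000::-:::scESC:
"""


def _ts(value):
    return datetime.fromtimestamp(int(value), timezone.utc)


def check_keyring(listing, now):
    """Return {key_id: [problems]} for each primary key ('pub' record)."""
    report = {}
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] != "pub" or len(f) < 7:
            continue  # subkeys, user IDs and fingerprints are out of scope here
        bits, algo, key_id, created, expires = int(f[2]), int(f[3]), f[4], f[5], f[6]
        problems = []
        if algo not in ALLOWED_ALGOS:
            problems.append(f"algorithm {algo} not allowed")
        if bits < MIN_BITS:
            problems.append(f"key length {bits} < {MIN_BITS}")
        if expires:  # assumption: a key without expiry passes the lifetime rule
            if _ts(expires) - _ts(created) < MIN_LIFETIME:
                problems.append("lifetime under 6 months")
            if _ts(expires) <= now:
                problems.append("expired")
            elif _ts(expires) - now < WARN_BEFORE:
                problems.append("expires within a month: send warning")
        report[key_id] = problems
    return report


if __name__ == "__main__":
    for key_id, problems in check_keyring(
            SAMPLE, datetime(2013, 11, 1, tzinfo=timezone.utc)).items():
        print(key_id, "OK" if not problems else "; ".join(problems))
```

Only primary keys are checked here; a real enforcement hook would also need to look at signing subkeys, which this sketch skips.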