| 1 |
On 10/29/2013 09:23 PM, Andreas K. Huettel wrote: |
| 2 |
> In two weeks from now, the council will again have its regular monthly |
| 3 |
> meeting. Now is the time to raise and prepare items that the council should |
| 4 |
> put on the agenda to discuss or vote on. |
| 5 |
|
| 6 |
Request: A minimal policy for pgp keys and key handling (for commit signing) |
| 7 |
|
| 8 |
- Define the allowed key parameters: |
| 9 |
e.g. 2048bit RSA or DSA, validity at least 6 months |
| 10 |
|
| 11 |
- Define a canonical location (e.g. in LDAP and on at least one |
| 12 |
keyserver) where every dev's key is accessible (at least to gentoo infra) |
| 13 |
|
| 14 |
- Define a location of a (signed, autoupdated) global keyring that is |
| 15 |
accessible to all interested parties (e.g. |
| 16 |
http://www.gentoo.org/keyring.txt ) |
| 17 |
|
| 18 |
That's the first stage that can be done now without big problems, and it |
| 19 |
can be amended at any later time if there's any deficiencies. |
| 20 |
(so if we agree that 2048 bit are not enough we just fix it to 4096 bit |
| 21 |
and a three-month migration time) |
| 22 |
|
| 23 |
With that in place we can make commit signing mandatory (because right |
| 24 |
now we don't even have a way to fetch all keys, so it's worse than |
| 25 |
useless). |
| 26 |
|
| 27 |
And then as a third stage we can discuss things like, say, disabling |
| 28 |
commit access when the key is less than a month valid (after sending |
| 29 |
some automated warning mails, yes?) and other ways to make this meaningful. |
| 30 |
|
| 31 |
|
| 32 |
But - let's not get carried away in a big debate about how the NSA has |
| 33 |
infiltrated the minds of at least three devs, so we need four signatures |
| 34 |
on every commit before it goes live, and other unrelated madness. Just |
| 35 |
define the minimum set of rules to make signing useful, and then figure |
| 36 |
out how to enforce it. |
| 37 |
|
| 38 |
(As a sidenote, someone might want to figure out how to do remote signed |
| 39 |
commits - last time this was discussed I think there were some minor |
| 40 |
issues that should be worked out so that we're all not too affected with |
| 41 |
workflow changes) |
| 42 |
|
| 43 |
Thanks, |
| 44 |
|
| 45 |
Patrick |
Archives