On 1/4/2017 2:47 PM, Kristian Fiskerstrand wrote:
> On 01/04/2017 06:58 PM, Kristian Fiskerstrand wrote:
>> With increasing focus on security in various contexts I'd like to
>> propose that we start discussing catching up with other distributions
>> and start requiring new developers' OpenPGP keyblocks to have at least
>> two signatures from existing developers before applications can be
>> made[A]. Amongst other things this helps building the Gentoo Web of Trust.
>>
>
> Since the qa-report one is down, this is the current Gentoo WoT:
> https://download.sumptuouscapital.com/gentoo/gentoo-devs.png
>

What this doesn't show are the developers (including me) who have no
signatures or none relating to Gentoo.

Besides Gentoo, I have little to no interaction with anyone who even
knows what GPG even is.

I don't agree with making this a requirement or even having another hoop
to jump through for those who cannot travel.  Not everyone has the
luxury of going from place to place.

Brian