Archives
Archives
| From: | Kristian Fiskerstrand <k_f@g.o> | ||
|---|---|---|---|
| To: | gentoo-project@l.g.o | ||
| Subject: | Re: [gentoo-project] Require OpenPGP signatures from existing devs on new developer applications? | ||
| Date: | Wed, 04 Jan 2017 19:47:17 | ||
| Message-Id: | 95d34bff-08e8-b732-4b4a-1500809d5afb@gentoo.org | ||
| In Reply to: | [gentoo-project] Require OpenPGP signatures from existing devs on new developer applications? by Kristian Fiskerstrand |
||
| 1 | On 01/04/2017 06:58 PM, Kristian Fiskerstrand wrote: |
| 2 | > With increasing focus on security in various contexts I'd like to |
| 3 | > propose that we start discussing catching up with other distributions |
| 4 | > and start requiring new developers' OpenPGP keyblocks to have at least |
| 5 | > two signatures from existing developers before applications can be |
| 6 | > made[A]. Amongst other things This helps building the Gentoo Web of Trust. |
| 7 | > |
| 8 | |
| 9 | Since the qa-report one is down, this is the current Gentoo WoT: |
| 10 | https://download.sumptuouscapital.com/gentoo/gentoo-devs.png |
| 11 | |
| 12 | -- |
| 13 | Kristian Fiskerstrand |
| 14 | OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net |
| 15 | fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 |
| File name | MIME type |
|---|---|
| signature.asc | application/pgp-signature |
| Subject | Author |
|---|---|
| Re: [gentoo-project] Require OpenPGP signatures from existing devs on new developer applications? | Michael Orlitzky <mjo@g.o> |
| Re: [gentoo-project] Require OpenPGP signatures from existing devs on new developer applications? | Brian Evans <grknight@g.o> |
| Re: [gentoo-project] Require OpenPGP signatures from existing devs on new developer applications? | Daniel Campbell <zlg@g.o> |
