Gentoo Archives: gentoo-project

From: Patrick Lauer <patrick@g.o>
To: gentoo-project@l.g.o
Subject: Re: [gentoo-project] Preparations Council meeting 2011-08-09
Date: Mon, 01 Aug 2011 21:52:07
Message-Id: 4E371FD4.1040407@gentoo.org
In Reply to: [gentoo-project] Preparations Council meeting 2011-08-09 by Fabian Groffen
1 On 07/29/11 19:55, Fabian Groffen wrote:
2 > With a bit more than a week ahead of us for the next council meeting,
3 > I'd like to start preparing the agenda, given that current practice
4 > still is to send it out a week in advance.
5
6 A small thing which I've brought up for discussion twice (and both times
7 it was mostly ignored), but which I'd really like to see discussed or
8 even agreed on:
9
10 A simple policy making signed commits mandatory, plus a simple policy on
11 key length, permissible encryption/signature algorithms, and a
12 well-defined place where (public) keys are made available for verifying
13 and checking the validity of the signatures.
14
15
16 It would greatly improve the current status quo and remove any ambiguity
17 which might motivate people to use a 4-bit key for signing to be within
18 the letter of the law.
19
20
21 Thanks,
22
23 Patrick

Replies