1 |
On Tuesday, December 6, 2016 9:52:02 AM EST Kent Fredric wrote: |
2 |
> On Mon, 05 Dec 2016 15:22:15 -0500 |
3 |
> |
4 |
> "William L. Thomson Jr." <wlt-ml@××××××.com> wrote: |
5 |
> > I was meaning for anyone with @gentoo.org. Like commits must be signed. |
6 |
> > Its one thing to spoof another list member. No outsider should be able to |
7 |
> > pose as an @gentoo.org address. |
8 |
> |
9 |
> But that means you have to require signing when the from is @gentoo.org , |
10 |
> but not otherwise. |
11 |
|
12 |
Can you think of a reason to not sign an email from @gentoo.org? Would that |
13 |
not be the same as not signing a commit? |
14 |
|
15 |
I really believe this was required in the past. I had serious issues with GPG |
16 |
signing with Evolution and Seahorse. Robin/robbat2 got involved as team lead |
17 |
to mediate a conflict. One that NEVER made it to comrel since the proper |
18 |
resolution mechanisms were in place and worked flawlessly!!!! I even had |
19 |
serious culture differences with dude... |
20 |
|
21 |
The only reason I was messing with GPG and emails was it was required. At |
22 |
least I was under that impression. Not sure when that changed. |
23 |
|
24 |
> Which means @gentoo.org can still spoof @example.org :) |
25 |
|
26 |
That is more of a concern to @example.org than Gentoo. Though something should |
27 |
be in place to not allow spoofing all around. IMHO |
28 |
|
29 |
> I'm not really complaining here, I just don't think it would be consistent, |
30 |
> only a double standard. |
31 |
|
32 |
I do hate double standards :) |
33 |
|
34 |
I would not be against requiring everyone to sign. Though given that MTA's |
35 |
allow you to sign emails from others. Not sure it will help. |
36 |
|
37 |
I filed a bug with kmail on that. |
38 |
|
39 |
Verify GPG key emails when signing an email |
40 |
https://bugs.kde.org/show_bug.cgi?id=373314 |
41 |
|
42 |
And one that allowed me to spoof in the first place... |
43 |
|
44 |
Make From field in the composer read only |
45 |
https://bugs.kde.org/show_bug.cgi?id=373313 |
46 |
|
47 |
-- |
48 |
William L. Thomson Jr. |