| 1 |
On 19-04-28 21:46:24, Rich Freeman wrote: |
| 2 |
> On Sun, Apr 28, 2019 at 6:42 PM Thomas Deutschmann <whissi@g.o> wrote: |
| 3 |
> > |
| 4 |
> > Please respond to this message with agenda items. Do not hesitate to |
| 5 |
> > repeat your agenda item here with a pointer if you previously |
| 6 |
> > suggested one (since the last meeting). |
| 7 |
> > |
| 8 |
> |
| 9 |
> I would like the council to consider my patch to GLEP 63 to allow a |
| 10 |
> single combined primary/signing key when the key is stored on a |
| 11 |
> smartcard, so that keys may be generated on a Nitrokey without relying |
| 12 |
> on a primary key maintained offline in software, which I think will |
| 13 |
> not happen much in practice. This should increase the security of |
| 14 |
> signing keys by reducing handling or even storage of primary keys on |
| 15 |
> internet-connected hosts (which the GLEP already allows for). |
| 16 |
> |
| 17 |
> Patch and discussion at: |
| 18 |
> https://archives.gentoo.org/gentoo-dev/message/d05070a200e4f5858642d308d9b3e39f |
| 19 |
|
| 20 |
My main concern here is devs needing to re-establish their keys with |
| 21 |
infra in a trusted maner when the key is lost/stolen or otherwise |
| 22 |
defunct. Re-establishing that trust may be outside the scope of this |
| 23 |
request though. |
| 24 |
|
| 25 |
-- |
| 26 |
Matthew Thode (prometheanfire) |
Archives