From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id B3A091382C5 for ; Thu, 22 Mar 2018 12:07:28 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 66091E0901; Thu, 22 Mar 2018 12:07:22 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id F2F91E0845 for ; Thu, 22 Mar 2018 12:07:21 +0000 (UTC) Received: from [10.100.0.22] (host-37-191-226-104.lynet.no [37.191.226.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: k_f) by smtp.gentoo.org (Postfix) with ESMTPSA id 928CA335C09; Thu, 22 Mar 2018 12:07:19 +0000 (UTC) Subject: Re: [gentoo-dev] Mailing list moderation and community openness To: gentoo-dev@lists.gentoo.org, Rich Freeman References: <4aab96fa-0edb-6a28-791e-28e2103f2a30@gentoo.org> <0818a5b0-cc1e-403f-6c08-1285999de30f@gentoo.org> <20180320160316.GA5785@whubbs1.gaikai.biz> <87605qs3pi.fsf@gentoo.org> <87a7v0d3jn.fsf@proton.d.airelinux.org> <7b5568a4-48f4-8723-24c9-a0121ba8ae03@gentoo.org> From: Kristian Fiskerstrand Message-ID: <1c3b41b2-3571-f049-79cb-433f9e7f8c55@gentoo.org> Date: Thu, 22 Mar 2018 13:07:12 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="rb0eSJByTpmuAgXeT2rfPobjTrt4xKzv8" X-Archives-Salt: 5f40c37b-cfae-4175-ac15-b515ee1809b2 X-Archives-Hash: 13d93b27ca47615a51cee063efe6fd49 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --rb0eSJByTpmuAgXeT2rfPobjTrt4xKzv8 Content-Type: multipart/mixed; boundary="ar3jhS9K12frxreI44xa8lVzz4lQOtqAA"; protected-headers="v1" From: Kristian Fiskerstrand Reply-To: k_f@gentoo.org To: gentoo-dev@lists.gentoo.org, Rich Freeman Message-ID: <1c3b41b2-3571-f049-79cb-433f9e7f8c55@gentoo.org> Subject: Re: [gentoo-dev] Mailing list moderation and community openness References: <4aab96fa-0edb-6a28-791e-28e2103f2a30@gentoo.org> <0818a5b0-cc1e-403f-6c08-1285999de30f@gentoo.org> <20180320160316.GA5785@whubbs1.gaikai.biz> <87605qs3pi.fsf@gentoo.org> <87a7v0d3jn.fsf@proton.d.airelinux.org> <7b5568a4-48f4-8723-24c9-a0121ba8ae03@gentoo.org> In-Reply-To: --ar3jhS9K12frxreI44xa8lVzz4lQOtqAA Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 03/22/2018 12:38 PM, Rich Freeman wrote: > On Thu, Mar 22, 2018 at 4:30 AM, Alexander Berntsen wrote: >> On 22/03/18 07:31, Benda Xu wrote: >>> We might be able to require GPG signed email to make a post. >> Almost definitely. >> >> But before bikeshedding that, it would be advisable to find out whethe= r >> it would be a good idea in the first place. Unless you want only >> prospective developers to be able to contribute to the ML (maybe you d= o >> want that?), it seems like a poor idea to unnecessarily exclude anyone= >> who doesn't care (nor want to care) about OpenPGP. >=20 > That, and getting yourself whitelisted by a dev is gong to be a lower > barrier than having to meet one in-person to have a key signed. That > is unless devs just start signing keys for people they've never met > (which honestly doesn't really bother me much as I don't put much > faith in the WoT anyway), in which case it turns into a whitelist that > only comrel can un-whitelist since I don't think you can revoke a > signature. The one issuing the signature can also revoke it (see revsig in --edit-ke= y). That said, I'd rather focus on our own devs having WoT and requiring it to become a developer long before we require it to be part of a mailing list. If anything the technical complexity of verifying it doesn't make much sense to me vs a simple whitelist. >=20 > Plus signing emails is a pain if you don't use an MUA that has this > feature, and the web-based ones which do aren't very good. >=20 --=20 Kristian Fiskerstrand OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 --ar3jhS9K12frxreI44xa8lVzz4lQOtqAA-- --rb0eSJByTpmuAgXeT2rfPobjTrt4xKzv8 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEtOrRIMf4mkrqRycHJQt6/tY3nYUFAlqznHAACgkQJQt6/tY3 nYUpmwf9HaKkq0xSLUIBLt9kwdxVXbUC+c5EFqidUqKs6CMxr4fiZZ1rdMhic0tC W5I/Qjtpkdnfqjv17eua7/I6EX5iyrdyt+AUJPxMkjBqv2t4vlYj/abVXquz/oxM ZcHcaoM/wRiK7iJSDDPxMEZSOl7VAQgsNZDLBQA+CFEakCQxOg3LyqZAsa9SxY1o TQk6MAafNr1wqs2ux/HjcpD+w5/kHdBrPCGBBFxLKlCvoQxrzfIlRGVlI43vBH/U yn3GEB/+JlStn7uLzot18mn/mxT49phWzBfbnW3TQynwFUlF6XWDNkiS4nR6Vetu VNF2yfVIHVLR/u+1LBrd9aVl4Bvgtw== =cqSg -----END PGP SIGNATURE----- --rb0eSJByTpmuAgXeT2rfPobjTrt4xKzv8--