From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 18417 invoked by uid 1002); 11 Aug 2003 14:01:13 -0000 Mailing-List: contact gentoo-dev-help@gentoo.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Received: (qmail 16121 invoked from network); 11 Aug 2003 14:01:13 -0000 Date: Mon, 11 Aug 2003 14:01:07 +0000 From: Tavis Ormandy To: Kurt Lieber Cc: gentoo-dev@gentoo.org Message-ID: <20030811140107.GA25883@sdf.lonestar.org> References: <20030810223914.GB27538@sdf.lonestar.org> <20030810232734.GJ1819@mail.lieber.org> <20030811000210.GB8548@sdf.lonestar.org> <20030811092156.GO1819@mail.lieber.org> <20030811113518.GA29154@sdf.lonestar.org> <20030811133311.GP1819@mail.lieber.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030811133311.GP1819@mail.lieber.org> User-Agent: Mutt/1.5.3i Subject: Re: [gentoo-dev] Finger GLEP X-Archives-Salt: d75beb21-a4dc-4a8d-9b64-b3af92ce4e45 X-Archives-Hash: a24ce2b91e1795953f5bbf4ccb1deae2 On Mon, Aug 11, 2003 at 09:33:14AM -0400, Kurt Lieber wrote: > > The efforts we have underway with secure portage will require developers to > have and maintain a GPG key. It will also require them to place said key > on a public keyserver. > Cool, problem solved. > Well, at this point, I'm inclined to reject this GLEP and/or ask you to > re-work it to incorporate some of the changes suggested by myself and > others. Specifically: > Cool, it was just a proposal. > * Data needs to be maintained in one central repository. I never meant to dispute this, i have no problem with storing information wherever you like. The .plans, .projects and .pgpkeys in my proposal would be a means of easily distributing pgpkeys (for _NON_ portage use, eg personal keyrings, encrypting emails, verifying patches, etc, etc), and presenting information for interested users that would be up to the developer to maintain, eg status updates, project activities, etc. > * I'm not opposed to offering fingerd as a means of data transport, as long > as it pulls data from the central repository mentioned above. Well, im not so keen on that idea, although not totally opposed if your not open to discussion on it. The proposal was meant as a means for a developer to easily keep some information that applies to them personally, and their work on any projects, etc. And would be entirely up to them as to the format. > * I'd also be open to allowing devs the option of *supplementing* the > information available via fingerd by creating a .plan or whatever. > However, the core info (GPG key, name, herds info, etc.) needs to be > maintained in the central repository. This is essentially what i was proposing. > Basically, I see the benefits of offering fingerd as a service to our users > and am willing to support that, infrastructure-wise. Excellent! > I do not agree, however, that fingerd should be the *primary* method of distributing this > info. I totally agree, and would not have proposed this. > nor do I support the idea of storing critical information such as GPG > keys in developer home dirs -- at least not as the primary "official" > repository. well, if by primary repository you mean where secure portage will obtain the keys from, i dont mind that at all. The finger server in my proposal would be for the benfit of users, and other developers, not a means of implementing the improvements to portage. -- ------------------------------------- taviso@sdf.lonestar.org | finger me for my gpg key. ------------------------------------------------------- -- gentoo-dev@gentoo.org mailing list