From: Michał Górny
Date: Fri, 25 Mar 2011 15:33:38 +0100
To: gentoo-dev@lists.gentoo.org
Cc: ml-en@veller.net
Subject: Re: [gentoo-dev] Re: rejecting unsigned commits
Message-ID: <20110325153338.0f8f450b@pomiocik.lan>
In-Reply-To: <20110325074824.TAf2c206.tv@veller.net>

On Fri, 25 Mar 2011 08:15:32 +0100
Torsten Veller wrote:

> Do you want to reject signed commits if
> - keys are not publicly available [1]

We'll need to define what 'public availability' exactly means. Does
that mean a specific keyserver?

> - keys are revoked [3]

How about manifests signed before the key was revoked?

-- 
Best regards,
Michał Górny