From: "Andreas K. Huettel"
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Re: rejecting unsigned commits
Date: Fri, 25 Mar 2011 15:47:58 +0100

> > * The key must have a userid that refers to an official Gentoo
> >   e-mail address. E.g. dilfridge@gentoo.org
>
> I think this is pretty useless assuming we're already wanting
> to limit the amount of keys trusted to a specific list.

See the remark in a separate sub-thread about signing... Deciding key validity based on signatures is a lot better than based on a central list. Otherwise we are just duplicating existing infrastructure.

> > * The userid should have some specific "default string" in its
> >   comment field, like "Gentoo manifest signing key".
>
> What's the point of this? I don't see a reason to enforce a dev to have
> a dedicated Manifest signing key, and even more I don't see a reason to
> add such comments to normal keys.

Well, it's probably not necessary. It might simplify identification of the UID that determines key validity though.

-- 
Andreas K. Huettel
Gentoo Linux developer - kde, sci, arm, tex
dilfridge@gentoo.org
http://www.akhuettel.de/
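
The two policy points discussed in this message (a UID at an official Gentoo address, optionally marked by a comment string, with validity decided by signatures rather than a central list), as an added Python example that is not part of the original mail or of any Gentoo tooling. It reads a constructed listing in the style of `gpg --with-colons --list-keys` and accepts a key only when a matching UID is fully or ultimately valid under GnuPG's own trust calculation; the function name `accepted_keys`, the sample keys and the assumption that user IDs arrive as separate `uid` records are illustrative.

```python
import re

# Constructed sample in the style of `gpg --with-colons --list-keys`;
# key IDs, names, hashes and dates are made up for illustration.
SAMPLE = r"""pub:f:4096:1:AAAAAAAAAAAAAAAA:1300000000:::-:::scESC:
uid:f::::1300000000::H1::Alice Example (Gentoo manifest signing key) <alice@gentoo.org>:
uid:f::::1300000000::H2::Alice Example <alice@example.org>:
pub:-:4096:1:BBBBBBBBBBBBBBBB:1300000000:::-:::scESC:
uid:-::::1300000000::H3::Bob Example <bob@gentoo.org>:
pub:f:4096:1:CCCCCCCCCCCCCCCC:1300000000:::-:::scESC:
uid:f::::1300000000::H4::Carol Example <carol@gentoo.org.example.net>:
uid:m::::1300000000::H5::Carol Example <carol@gentoo.org>:
pub:r:4096:1:DDDDDDDDDDDDDDDD:1300000000:::-:::scESC:
uid:r::::1300000000::H6::Dave Example <dave@gentoo.org>:
"""

FULLY_VALID = {"f", "u"}             # per-UID validity computed by GnuPG's trust model
UNUSABLE_KEY = {"i", "d", "r", "e"}  # invalid, disabled, revoked, expired
UID_RE = re.compile(
    r"^.*?\s*(?:\((?P<comment>[^()]*)\)\s*)?<(?P<email>[^<>@\s]+@[^<>@\s]+)>$")

def unescape(field):
    # Colon listings escape special characters as \xNN (':' becomes \x3a).
    return re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), field)

def accepted_keys(listing, domain="gentoo.org", comment=None):
    """Return {key id: [accepted e-mail addresses]} for keys that pass the policy."""
    accepted, keyid, key_ok = {}, None, False
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) > 4:
            keyid, key_ok = f[4], f[1] not in UNUSABLE_KEY
        elif f[0] == "uid" and len(f) > 9 and key_ok and f[1] in FULLY_VALID:
            m = UID_RE.match(unescape(f[9]))
            if not m or m["email"].lower().rsplit("@", 1)[1] != domain:
                continue  # unparsable UID, or an address outside the project domain
            if comment is not None and m["comment"] != comment:
                continue  # optional rule: UID must carry the agreed comment string
            accepted.setdefault(keyid, []).append(m["email"])
    return accepted

if __name__ == "__main__":
    print(accepted_keys(SAMPLE))
    print(accepted_keys(SAMPLE, comment="Gentoo manifest signing key"))
```

Carol's key shows why the check has to be made per UID: the key has a fully valid UID, but only at a lookalike domain, while its gentoo.org UID is merely marginal.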