From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Andreas K. Huettel" <dilfridge@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Re: rejecting unsigned commits
Date: Fri, 25 Mar 2011 15:50:12 +0100
User-Agent: KMail/1.13.6 (Linux/2.6.36-gentoo-r5; KDE/4.6.1; x86_64; ; )
References: <AANLkTi=4o69ytUxAVpy-O31AWQv-5p4bEWD2466NWYGx@mail.gmail.com> <20110325074824.TAf2c206.tv@veller.net> <20110325153338.0f8f450b@pomiocik.lan>
In-Reply-To: <20110325153338.0f8f450b@pomiocik.lan>
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart2672149.gvAmd4VT9j";
  protocol="application/pgp-signature";
  micalg=pgp-sha512
Content-Transfer-Encoding: 7bit
Message-Id: <201103251550.12823.dilfridge@gentoo.org>

--nextPart2672149.gvAmd4VT9j
Content-Type: Text/Plain;
  charset="iso-8859-15"
Content-Transfer-Encoding: quoted-printable

> > Do you want to reject signed commits if
> > - keys are not publicly available [1]
>
> We'll need to define what does 'public availability' exactly mean? Does
> that mean a specific keyserver?

Good point. Although most keyservers synchronize with each other, it
might make sense to define an additional location such as e.g. a keyring
for download on www.gentoo.org.

> > - keys are revoked [3]
>
> How about manifests signed before the key was revoked?

And about keys being revoked by a revocation certificate that was
generated a long time ago "just in case" (as even our docs recommend)...
Yes, I know this is a mess.


-- 
Andreas K. Huettel
Gentoo Linux developer - kde, sci, arm, tex
dilfridge@gentoo.org
http://www.akhuettel.de/

--nextPart2672149.gvAmd4VT9j--
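
Added example (not part of the original message and not Gentoo tooling): a Python check for the revoked-key case discussed above, reading `gpg --status-fd` output. It shows why a revocation certificate generated long before it is published makes "signed before revocation" ambiguous. The key IDs, dates, status lines and the `revoked_at` parameter are constructed, and the VALIDSIG timestamp is assumed to be in epoch seconds.

```python
import calendar

def utc(year, month, day):
    """Epoch seconds for midnight UTC on the given date."""
    return calendar.timegm((year, month, day, 0, 0, 0))

def parse_status(text):
    """Return (key state, signature epoch) from gpg --status-fd lines."""
    state, sig_time = None, None
    for line in text.splitlines():
        fields = line.split()[1:] if line.startswith("[GNUPG:] ") else []
        if not fields:
            continue
        if fields[0] in ("GOODSIG", "REVKEYSIG", "BADSIG", "NO_PUBKEY"):
            state = fields[0]
        elif fields[0] == "VALIDSIG":
            # VALIDSIG <fpr> <date> <sig-timestamp> ...; the timestamp is
            # asserted by the signer, not by a trusted clock.
            sig_time = int(fields[3])
    return state, sig_time

def decide(text, revoked_at=None):
    """Hypothetical policy: accept good signatures, and signatures from a
    revoked key only if they predate the cutoff the caller supplies."""
    state, sig_time = parse_status(text)
    if state == "GOODSIG":
        return "accept"
    if state == "REVKEYSIG" and revoked_at is not None and sig_time is not None:
        return "accept" if sig_time < revoked_at else "reject"
    return "reject"  # NO_PUBKEY, BADSIG, or nothing usable

# Constructed timeline: certificate made "just in case" in 2009,
# Manifest signed in 2010, certificate published in 2011.
CERT_CREATED = utc(2009, 1, 1)
SIGNED = utc(2010, 6, 1)
CERT_PUBLISHED = utc(2011, 3, 1)

FPR = "A" * 40  # placeholder fingerprint
REVOKED_KEY_STATUS = (
    "[GNUPG:] REVKEYSIG 0123456789ABCDEF Example Dev <dev@example.org>\n"
    f"[GNUPG:] VALIDSIG {FPR} 2010-06-01 {SIGNED} 0 4 0 1 10 00 {FPR}\n"
)
MISSING_KEY_STATUS = (
    f"[GNUPG:] ERRSIG 0123456789ABCDEF 1 10 00 {SIGNED} 9\n"
    "[GNUPG:] NO_PUBKEY 0123456789ABCDEF\n"
)

if __name__ == "__main__":
    print("cutoff = cert creation:   ", decide(REVOKED_KEY_STATUS, CERT_CREATED))
    print("cutoff = cert publication:", decide(REVOKED_KEY_STATUS, CERT_PUBLISHED))
    print("key not available:        ", decide(MISSING_KEY_STATUS))
```

The same Manifest is rejected with the certificate's own creation time as cutoff and accepted with its publication time, which the key material itself does not record.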