From: "Andreas K. Huettel"
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Re: rejecting unsigned commits
Date: Fri, 25 Mar 2011 15:50:12 +0100
Message-Id: <201103251550.12823.dilfridge@gentoo.org>

> > Do you want to reject signed commits if
> > - keys are not publicly available [1]
>
> We'll need to define what does 'public availability' exactly mean? Does
> that mean a specific keyserver?

Good point. Although most keyservers synchronize with each other, it might make sense to define an additional location such as e.g. a keyring for download on www.gentoo.org.

> > - keys are revoked [3]
>
> How about manifests signed before the key was revoked?

And about keys being revoked by a revocation certificate that was generated a long time ago "just in case" (as even our docs recommend)... Yes, I know this is a mess.

-- 
Andreas K. Huettel
Gentoo Linux developer - kde, sci, arm, tex
dilfridge@gentoo.org
http://www.akhuettel.de/