From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1Q3D1q-000332-Gh for garchives@archives.gentoo.org; Fri, 25 Mar 2011 19:50:41 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 2256D1C0AD; Fri, 25 Mar 2011 19:50:28 +0000 (UTC) Received: from rrzmta1.uni-regensburg.de (rrzmta1.uni-regensburg.de [194.94.155.51]) by pigeon.gentoo.org (Postfix) with ESMTP id 40F2C1C090 for ; Fri, 25 Mar 2011 19:50:03 +0000 (UTC) Received: from rrzmta1.uni-regensburg.de (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 87F901E52 for ; Fri, 25 Mar 2011 20:50:02 +0100 (CET) Received: from grenadine.localnet (pc59050.uni-regensburg.de [132.199.102.87]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) (Authenticated sender: hua59129) by rrzmta1.uni-regensburg.de (Postfix) with ESMTPSA id 8238A1E27 for ; Fri, 25 Mar 2011 20:50:02 +0100 (CET) From: "Andreas K. Huettel" To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Re: rejecting unsigned commits Date: Fri, 25 Mar 2011 20:50:13 +0100 User-Agent: KMail/1.13.6 (Linux/2.6.36-gentoo-r5; KDE/4.6.1; x86_64; ; ) References: <201103250953.19757.dilfridge@gentoo.org> In-Reply-To: Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1960966.Uh9kneA4gC"; protocol="application/pgp-signature"; micalg=pgp-sha512 Content-Transfer-Encoding: 7bit Message-Id: <201103252050.13759.dilfridge@gentoo.org> X-Archives-Salt: X-Archives-Hash: fa76ce1142b515e45504cc0e4e1d612f --nextPart1960966.Uh9kneA4gC Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable > > * The key must have an userid that refers to an official Gentoo e-mail > > address. E.g. dilfridge@gentoo.org >=20 > no. there's no reason for this requirement, and it prevents proxy > maintenance long term. e-mail addresses do not verify identity, > verifying identify verifies identity. this is the point of the web of > trust. So what sort of identity do you want to verify? Seriously, at the moment wh= en I got my commit bit, noone from Gentoo had ever met me in person, and fo= r sure noone had ever had a look at my passport or any similar legal docume= nt. The only established connection was my preexisting gpg key, which was t= hen coupled to my gentoo account. As for proxy maintenance, isn't the whole point of that that the proxied ma= intainers are not devs and do not have (commit access | a gentoo.org user i= d)? I do not understand how this would prevent proxy maintenance.=20 Now, e.g. overlay access is a different matter. But first things first. =2D-=20 Andreas K. Huettel Gentoo Linux developer - kde, sci, arm, tex dilfridge@gentoo.org http://www.akhuettel.de/ --nextPart1960966.Uh9kneA4gC Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) iQIcBAABCgAGBQJNjPH1AAoJEEb+UGWnxTyHvq8P/isdR9PDD2OLc3DRIEOLeaMr 9vLa5Wn8VKe9RtZhqLpYWb7PiLD2h5uzTvMqi1pbSgotmphPRwdU2bZlQDoDusyh pzUGtQuMbhg3wbCHN5gEMOV6PFm10qcNyQkVUia2u721ARohtjIAiPAlfFvN/J1E zSh8YwEgdHKiN7z2lwUXzdsiqtI5WDoGcAXsX4/KYxxk2P0wSdyIohNhjtRnPar4 cxYNIoYNaoU8EJEKFuHUn0CH0ktLGWgwlJsEUs/ui6rCSbYGq7sqez4xVuTQWY1t IQQPCegt45isj7ks0NBtFBuDgDl2r5AmUVJHUZJRf1MnqE3+JEzW/piKzaXoB1K8 0ByErynEdLRmfrEMzOOa6NNlzGJd0Atdtm0M8DBmUPHVioZVpT2ldxKMaU/kmFWo 8RM4R083fP7AeWr24mKpgoDM5651twQq9iWyWSOgM3rKbnM/1+H8TqDGcyoQ8tMO CayoG9ye8sutzdfQYRe/VN/7VBWgC2CYZBSAH0l5qQbuJExTca9TcEnrD7V081Ui 3yapxoNFLx+lMomso1yiDMTscfZ5MdbN3oiXyJmCdtPOGjNNWP5hiB8+F9ugIj7Y aJAhXKChIRkKywAs70FiSLHT/+0zjJUxugN7J9fJO4IT0Sok8Eh3lfQWfuhDy+NY nbJV3A9UmEO3qq5z3+gO =o5uv -----END PGP SIGNATURE----- --nextPart1960966.Uh9kneA4gC--