From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-dev+bounces-44986-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1Q3D1q-000332-Gh
	for garchives@archives.gentoo.org; Fri, 25 Mar 2011 19:50:41 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 2256D1C0AD;
	Fri, 25 Mar 2011 19:50:28 +0000 (UTC)
Received: from rrzmta1.uni-regensburg.de (rrzmta1.uni-regensburg.de [194.94.155.51])
	by pigeon.gentoo.org (Postfix) with ESMTP id 40F2C1C090
	for <gentoo-dev@lists.gentoo.org>; Fri, 25 Mar 2011 19:50:03 +0000 (UTC)
Received: from rrzmta1.uni-regensburg.de (localhost [127.0.0.1])
	by localhost (Postfix) with SMTP id 87F901E52
	for <gentoo-dev@lists.gentoo.org>; Fri, 25 Mar 2011 20:50:02 +0100 (CET)
Received: from grenadine.localnet (pc59050.uni-regensburg.de [132.199.102.87])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	(Authenticated sender: hua59129)
	by rrzmta1.uni-regensburg.de (Postfix) with ESMTPSA id 8238A1E27
	for <gentoo-dev@lists.gentoo.org>; Fri, 25 Mar 2011 20:50:02 +0100 (CET)
From: "Andreas K. Huettel" <dilfridge@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Re: rejecting unsigned commits
Date: Fri, 25 Mar 2011 20:50:13 +0100
User-Agent: KMail/1.13.6 (Linux/2.6.36-gentoo-r5; KDE/4.6.1; x86_64; ; )
References: <AANLkTi=4o69ytUxAVpy-O31AWQv-5p4bEWD2466NWYGx@mail.gmail.com> <201103250953.19757.dilfridge@gentoo.org> <AANLkTimQDA7FPxuRtBrp5wYiC3MvcJDnbf-yS-B3KOMO@mail.gmail.com>
In-Reply-To: <AANLkTimQDA7FPxuRtBrp5wYiC3MvcJDnbf-yS-B3KOMO@mail.gmail.com>
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart1960966.Uh9kneA4gC";
  protocol="application/pgp-signature";
  micalg=pgp-sha512
Content-Transfer-Encoding: 7bit
Message-Id: <201103252050.13759.dilfridge@gentoo.org>
X-Archives-Salt: 
X-Archives-Hash: fa76ce1142b515e45504cc0e4e1d612f

--nextPart1960966.Uh9kneA4gC
Content-Type: Text/Plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

> > * The key must have an userid that refers to an official Gentoo e-mail
> > address. E.g. dilfridge@gentoo.org
>=20
> no.  there's no reason for this requirement, and it prevents proxy
> maintenance long term.  e-mail addresses do not verify identity,
> verifying identify verifies identity.  this is the point of the web of
> trust.

So what sort of identity do you want to verify? Seriously, at the moment wh=
en I got my commit bit, noone from Gentoo had ever met me in person, and fo=
r sure noone had ever had a look at my passport or any similar legal docume=
nt. The only established connection was my preexisting gpg key, which was t=
hen coupled to my gentoo account.

As for proxy maintenance, isn't the whole point of that that the proxied ma=
intainers are not devs and do not have (commit access | a gentoo.org user i=
d)? I do not understand how this would prevent proxy maintenance.=20

Now, e.g. overlay access is a different matter. But first things first.


=2D-=20
Andreas K. Huettel
Gentoo Linux developer - kde, sci, arm, tex
dilfridge@gentoo.org
http://www.akhuettel.de/

--nextPart1960966.Uh9kneA4gC
Content-Type: application/pgp-signature; name=signature.asc 
Content-Description: This is a digitally signed message part.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)

iQIcBAABCgAGBQJNjPH1AAoJEEb+UGWnxTyHvq8P/isdR9PDD2OLc3DRIEOLeaMr
9vLa5Wn8VKe9RtZhqLpYWb7PiLD2h5uzTvMqi1pbSgotmphPRwdU2bZlQDoDusyh
pzUGtQuMbhg3wbCHN5gEMOV6PFm10qcNyQkVUia2u721ARohtjIAiPAlfFvN/J1E
zSh8YwEgdHKiN7z2lwUXzdsiqtI5WDoGcAXsX4/KYxxk2P0wSdyIohNhjtRnPar4
cxYNIoYNaoU8EJEKFuHUn0CH0ktLGWgwlJsEUs/ui6rCSbYGq7sqez4xVuTQWY1t
IQQPCegt45isj7ks0NBtFBuDgDl2r5AmUVJHUZJRf1MnqE3+JEzW/piKzaXoB1K8
0ByErynEdLRmfrEMzOOa6NNlzGJd0Atdtm0M8DBmUPHVioZVpT2ldxKMaU/kmFWo
8RM4R083fP7AeWr24mKpgoDM5651twQq9iWyWSOgM3rKbnM/1+H8TqDGcyoQ8tMO
CayoG9ye8sutzdfQYRe/VN/7VBWgC2CYZBSAH0l5qQbuJExTca9TcEnrD7V081Ui
3yapxoNFLx+lMomso1yiDMTscfZ5MdbN3oiXyJmCdtPOGjNNWP5hiB8+F9ugIj7Y
aJAhXKChIRkKywAs70FiSLHT/+0zjJUxugN7J9fJO4IT0Sok8Eh3lfQWfuhDy+NY
nbJV3A9UmEO3qq5z3+gO
=o5uv
-----END PGP SIGNATURE-----

--nextPart1960966.Uh9kneA4gC--