From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1Q31VY-0007hX-SH for garchives@archives.gentoo.org; Fri, 25 Mar 2011 07:32:33 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 3A0601C041; Fri, 25 Mar 2011 07:32:24 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id F236C1C010 for ; Fri, 25 Mar 2011 07:31:57 +0000 (UTC) Received: from [192.168.1.41] (unknown [222.44.41.33]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: patrick) by smtp.gentoo.org (Postfix) with ESMTPSA id E5A051B40D7 for ; Fri, 25 Mar 2011 07:31:55 +0000 (UTC) Message-ID: <4D8C44E4.4080400@gentoo.org> Date: Fri, 25 Mar 2011 15:31:48 +0800 From: Patrick Lauer User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110306 Lightning/1.0b3pre Thunderbird/3.1.9 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Re: rejecting unsigned commits References: <20110325005026.55598579@epia.jer-c2.orkz.net> <20110325000931.GA21942@lemongrass.antoszka.pl> <20110325074824.TAf2c206.tv@veller.net> In-Reply-To: <20110325074824.TAf2c206.tv@veller.net> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Archives-Salt: X-Archives-Hash: c90a7a41c71a20e24ce6d1de22225f2d On 03/25/11 15:15, Torsten Veller wrote: > * Mike Frysinger : >> On Thu, Mar 24, 2011 at 8:09 PM, Antoni Grzymala wrote: > [Manifest signing] >>> Does that get us any closer to GLEPs 57, 58, 59 (or generally >>> approaching the tree-signing/verifying group of problems)? >> >> yes > > I think, it's a "no". > The MetaManifest GLEP relies on a signed top-level "MetaManifest" which > hashes all sub Manifests, whether they are signed or not doesn't matter. I'd say that those are two independent issues. But by starting to figure out how to force signed commits for everyone we at least get the infrastructure done. As long as we have no strict guidelines I don't see any advantage of using signed commits, so I've never used them. Getting a coherent policy for that sounds like a really good idea (key length, expiry time, availability on keyservers etc.) > > I don't see a major advantage to signed portage snapshots we already > offer today. > > > Do you want to reject signed commits if > - keys are not publicly available [1] > - signatures are from expired keys [2] > - keys are revoked [3] > - keys are not listed in userinfo.xml (current or former devs) [4] Yes, yes, yes, and yes :) But since we don't have policies in place yet it's a bit of a mess right now. So. What parameters do we need to agree on? And what's a realistic timeframe *if* we decide to go ahead with it? Waiting for good answers :) Patrick -- Patrick Lauer http://service.gentooexperimental.org Gentoo Council Member and Evangelist Part of Gentoo Benchmarks, Forensics, PostgreSQL, KDE herds