From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-dev+bounces-44976-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1Q3C0Z-0002cj-01
	for garchives@archives.gentoo.org; Fri, 25 Mar 2011 18:45:15 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 77E1F1C05C;
	Fri, 25 Mar 2011 18:45:06 +0000 (UTC)
Received: from mail-iw0-f181.google.com (mail-iw0-f181.google.com [209.85.214.181])
	by pigeon.gentoo.org (Postfix) with ESMTP id 904CD1C00E
	for <gentoo-dev@lists.gentoo.org>; Fri, 25 Mar 2011 18:44:37 +0000 (UTC)
Received: by iwn2 with SMTP id 2so1692101iwn.40
        for <gentoo-dev@lists.gentoo.org>; Fri, 25 Mar 2011 11:44:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:sender:in-reply-to:references:from
         :date:x-google-sender-auth:message-id:subject:to:content-type
         :content-transfer-encoding;
        bh=+XUtAsLSC0h4krlVDkf4AvSIBYm5dNx221isjpuVUrE=;
        b=tkvtdWO7XcHQLNSLZ5kMh5PQrF0kX0q2ovRtkFfxVIPiXtmJpeGhqiSwQzalzWt/GF
         42tWY9KXiwJ9y+35982lihFYTSgKTUbH6nkU1J3ixX/FlBtvFMHhwOL5nQ2rglCnsf74
         UvzPzwVOwI+F94YXNhzLRVo+np2z1VaIwbTpA=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:sender:in-reply-to:references:from:date
         :x-google-sender-auth:message-id:subject:to:content-type
         :content-transfer-encoding;
        b=fbpMGyRtwGoabsiMt+ItZVZ9UBHV4bZxN3COoFEruOwDFt4I5m8ule2nundKLX0jWE
         koXjDlJrF1dN1YTJMsuuEnfrxPCe41AKpljeAEcQuG74qQYJyHY41PjmI6bIivaU+CkS
         vt2cF7x72w7etJex3N2XVrm5gK+SG4Bh4us2I=
Received: by 10.42.134.132 with SMTP id l4mr1746324ict.13.1301078677113; Fri,
 25 Mar 2011 11:44:37 -0700 (PDT)
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
MIME-Version: 1.0
Sender: vapierfilter@gmail.com
Received: by 10.231.11.195 with HTTP; Fri, 25 Mar 2011 11:44:17 -0700 (PDT)
In-Reply-To: <1301047872.24707.10.camel@tablet>
References: <AANLkTi=4o69ytUxAVpy-O31AWQv-5p4bEWD2466NWYGx@mail.gmail.com> <1301047872.24707.10.camel@tablet>
From: Mike Frysinger <vapier@gentoo.org>
Date: Fri, 25 Mar 2011 14:44:17 -0400
X-Google-Sender-Auth: NJQjvRUYG6as14HxJ1EoSWD4ZtQ
Message-ID: <AANLkTikKZ1_V5Vywaxxy1GwAzE5HKN-L6PAAtXwbX8E1@mail.gmail.com>
Subject: Re: [gentoo-dev] rejecting unsigned commits
To: gentoo-dev@lists.gentoo.org
Content-Type: text/plain; charset=KOI8-R
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: 
X-Archives-Hash: 8d8122b0ff2c03137ef408ac2fcf4fab

On Fri, Mar 25, 2011 at 6:11 AM, Peter Volkov wrote:
> =F7 =FE=D4=D7, 24/03/2011 =D7 17:59 -0400, Mike Frysinger =D0=C9=DB=C5=D4=
:
>> is there any reason we should allow people to commit unsigned
>> Manifest's anymore ?
>
> Why? Without policy on how we do that and more importantly how we check
> that signing makes no sense...

so you want to wait until we have a 100% fully automated checking
system in place before even attempting the first 1% ?  that doesnt
make much sense ... you have to start somewhere.

there's also nothing stopping people from verifying packages right now
by picking some keys to trust.  i can certainly verify a lot of
packages by following the web of trust that starts at my key.
-mike