From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1Q3CfF-0000TO-IF for garchives@archives.gentoo.org; Fri, 25 Mar 2011 19:27:17 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 0EFDA1C080; Fri, 25 Mar 2011 19:27:03 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 2B21C1C067 for ; Fri, 25 Mar 2011 19:26:23 +0000 (UTC) Received: from grubbs.orbis-terrarum.net (localhost [127.0.0.1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 7E3081B4107 for ; Fri, 25 Mar 2011 19:26:20 +0000 (UTC) Received: (qmail 32453 invoked by uid 10000); 25 Mar 2011 18:45:32 -0000 Date: Fri, 25 Mar 2011 18:45:32 +0000 From: "Robin H. Johnson" To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Re: rejecting unsigned commits Message-ID: References: <20110325005026.55598579@epia.jer-c2.orkz.net> <20110325000931.GA21942@lemongrass.antoszka.pl> <20110325074824.TAf2c206.tv@veller.net> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="jy6Sn24JjFx/iggw" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-Archives-Salt: X-Archives-Hash: 967d590738e57254ce0def27c40ab662 --jy6Sn24JjFx/iggw Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Mar 25, 2011 at 02:36:14PM -0400, Mike Frysinger wrote: > > To facilitate this, should we pick a preferred keyserver or two? =A0Devs > > of course are welcome to use others also, but if we're going to check > > for revocations, we should specify where devs should upload them to in > > order to make sure they hit the tree/etc. > > > > The preference need not be strictly applied, but even though those > > keyservers are supposed to talk to each other I've found that I get > > fairly different results if I refresh against various ones. > in practice, i think we've been requiring hkp://subkeys.pgp.net Subkeys.pgp.net is a rotation that's been a bit buggy of late. Of the 5 IPs in it right now: - 2 respond to pings, but not connections - 1 totally unreachable - 2 that work, but have slightly different versions of my key. The SKS rotation seems to be much better, and kingtaco was looking at running an additional SKS instance within Gentoo as our offical key point (also useful for speeding up fetching keys in verification). x-hkp://pool.sks-keyservers.net http://sks-keyservers.net/status/ http://sks-keyservers.net/overview-of-pools.php --=20 Robin Hugh Johnson Gentoo Linux: Developer, Trustee & Infrastructure Lead E-Mail : robbat2@gentoo.org GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85 --jy6Sn24JjFx/iggw Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) Comment: Robbat2 @ Orbis-Terrarum Networks - The text below is a digital signature. If it doesn't make any sense to you, ignore it. iEYEARECAAYFAk2M4swACgkQPpIsIjIzwiycggCcCGJUNv02S865tRfYJOlOepG+ YPkAoNvhggFij0d+mZvctVHyTylY4CHd =BYe8 -----END PGP SIGNATURE----- --jy6Sn24JjFx/iggw--