From: Donnie Berkholz
To: gentoo-project@lists.gentoo.org
Date: Thu, 4 Aug 2011 12:56:00 -0700
Subject: Re: [gentoo-project] Preparations Council meeting 2011-08-09
Message-ID: <20110804195600.GD4840@comet.ucsd.edu>
References: <20110729175513.GA20656@gentoo.org> <4E371FD4.1040407@gentoo.org> <4E3A9D9B.4090100@gentoo.org> <4E3AADC7.9050901@gentoo.org>
In-Reply-To: <4E3AADC7.9050901@gentoo.org>

On 16:33 Thu 04 Aug , Patrick Lauer wrote:
> On 08/04/11 15:24, Dane Smith wrote:
> >> A small thing which I've brought up for discussion twice (and both times
> >> it was mostly ignored), but which I'd really like to see discussed or
> >> even agreed on:
> >>
> >> A simple policy making signed commits mandatory, plus a simple policy on
> >> key length, permissible encryption/signature algorithms, and a
> >> well-defined place where (public) keys are made available for verifying
> >> and checking the validity of the signatures.
> >>
> >>
> >
> > IMHO:
> > Key Length: 2048
> > Enc/Sig: RSA Signatures, sha256 hashes
> As a first iteration I think this is "good enough", we can still discuss
> the finer details (but I think that'll mostly be bikeshedding and should
> not stop us now from defining an initial standard)

I'm happy to vote on a standard whenever you experts can come up with a
concrete set of requirements to propose.

--
Thanks,
Donnie

Donnie Berkholz
Council Member / Sr. Developer
Gentoo Linux
Blog: http://dberkholz.com