Date: Mon, 29 Apr 2019 10:10:22 -0500
From: Matthew Thode
To: gentoo-project@lists.gentoo.org
Subject: Re: [gentoo-project] Call for agenda items - Council meeting 2019-05-12
Message-ID: <20190429151022.if5jmhuutpms25uj@gentoo.org>

On 19-04-28 21:46:24, Rich Freeman wrote:
> On Sun, Apr 28, 2019 at 6:42 PM Thomas Deutschmann wrote:
> >
> > Please respond to this message with agenda items. Do not hesitate to
> > repeat your agenda item here with a pointer if you previously
> > suggested one (since the last meeting).
> >
>
> I would like the council to consider my patch to GLEP 63 to allow a
> single combined primary/signing key when the key is stored on a
> smartcard, so that keys may be generated on a Nitrokey without relying
> on a primary key maintained offline in software, which I think will
> not happen much in practice. This should increase the security of
> signing keys by reducing handling or even storage of primary keys on
> internet-connected hosts (which the GLEP already allows for).
>
> Patch and discussion at:
> https://archives.gentoo.org/gentoo-dev/message/d05070a200e4f5858642d308d9b3e39f

My main concern here is devs needing to re-establish their keys with
infra in a trusted manner when the key is lost/stolen or otherwise
defunct. Re-establishing that trust may be outside the scope of this
request though.

--
Matthew Thode (prometheanfire)