Message-ID: <4E849EFB.1020101@gentoo.org>
Date: Thu, 29 Sep 2011 12:38:19 -0400
From: "Anthony G. Basile"
To: gentoo-project@lists.gentoo.org
List-Id: Gentoo Project discussion list
Subject: Re: [gentoo-project] Re: [gentoo-dev] Manifest signing
In-Reply-To: <4E849E7A.5000104@gentoo.org>

On 09/29/2011 12:36 PM, Anthony G. Basile wrote:
> On 09/29/2011 12:23 PM, Mike Frysinger wrote:
>> On Thursday, September 29, 2011 11:11:59 Patrick Lauer wrote:
>>> On 09/29/11 17:04, Tony "Chainsaw" Vroon wrote:
>>>> On 29/09/11 16:02, Anthony G. Basile wrote:
>>>>> Is there any chance that we can agree to reject
>>>>> unsigned manifests? Possibly a question for the Council to adjudicate?
>>>> I am happy to back a mandatory signing policy for the main gentoo-x86
>>>> tree. This is a simple yes or no question that the council can vote on.
>>> As previously discussed it would be nice to have some basic key policies
>>> in place for that - they can be changed at any later time, but for now
>>> we could agree on basic parameters like, say -
>>>
>>> at least 1024bit key length
>>> at least 6 months validity from creation
>>> one or more algorithms (initially DSA signatures and SHA1 hashing)
>> there's nothing to decide as it was already outlined long ago in the docs:
>> http://www.gentoo.org/proj/en/devrel/handbook/handbook.xml?part=2&chap=6
>>
>> if you want to *refine* that, then that's a different issue. but the devs
>> already have all the info they need to start signing now.
>> -mike
> Thanks I didn't know that had made it to the devmanual. I drop my
> original request.
>
> I guess the next step, if we were to take it, would be to have infra
> enforce the policy automatically if a commit comes in which isn't signed.
>

Sorry sent this before getting Mike's email about

https://bugs.gentoo.org/377233

-- 
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail   : blueness@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535