On Thursday, 31 January 2019, 18:33:25 CET, Rich Freeman wrote:
> On Thu, Jan 31, 2019 at 8:56 AM Michał Górny wrote:
> > 1. It is entirely customary and therefore requires customized software
> > to use. In other words, it's of limited usefulness to people outside
> > Gentoo or does not work out of the box there.
>
> This part could be addressed easily by having Gentoo create a signing
> key, and automatically signing all dev keys based on LDAP using it.
> Then users can trust that one key and inherit trust for the rest.
>
> Users have to opt into the trust model by trusting somebody's key no
> matter what. No reason that couldn't be a centrally-managed one.

Nitpicking: Gentoo infra would only sign a @gentoo.org uid, and whether it
should contain a name or not would need to be defined (and published
somewhere as signature policy).

But yes, that is a (different) obvious way to go.

--
Andreas K. Hüttel
dilfridge@gentoo.org
Gentoo Linux developer
(council, toolchain, base-system, perl, libreoffice)