From: "Andreas K. Huettel"
To: gentoo-project@lists.gentoo.org
Cc: Rich Freeman
Subject: Re: [gentoo-project] pre-GLEP: Gentoo OpenPGP web of trust
Date: Fri, 01 Feb 2019 13:51:03 +0100
Message-ID: <516346270.SVv7vubeFm@porto>
References: <1548943008.796.1.camel@gentoo.org>

On Thursday, 31 January 2019, 18:33:25 CET, Rich Freeman wrote:
> On Thu, Jan 31, 2019 at 8:56 AM Michał Górny wrote:
> > 1. It is entirely customary and therefore requires customized software
> > to use. In other words, it's of limited usefulness to people outside
> > Gentoo or does not work out of the box there.
>
> This part could be addressed easily by having Gentoo create a signing
> key, and automatically signing all dev keys based on LDAP using it.
> Then users can trust that one key and inherit trust for the rest.
>
> Users have to opt into the trust model by trusting somebody's key no
> matter what. No reason that couldn't be a centrally-managed one.

Nitpicking: Gentoo infra would only sign a @gentoo.org uid, and whether it
should contain a name or not would need to be defined (and published somewhere
as signature policy).

But yes, that is a (different) obvious way to go.

-- 
Andreas K. Hüttel
dilfridge@gentoo.org
Gentoo Linux developer
(council, toolchain, base-system, perl, libreoffice)
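
Added example, not part of the original message and not Gentoo infra tooling: a sketch of the selection step implied by "only sign a @gentoo.org uid", run over constructed `gpg --with-colons` style output. The fingerprints, names and the `uids_to_certify` helper are hypothetical.

```python
import re

# Trailing <local@domain> mailbox of an OpenPGP user ID; bare addresses are skipped.
MAILBOX = re.compile(r"<([^<>@\s]+)@([^<>@\s]+)>$")

def unescape(field):
    """Undo the \\xNN escaping GnuPG applies to ':' etc. in colon listings."""
    return re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), field)

def uids_to_certify(listing, domain="gentoo.org"):
    """Map primary-key fingerprint -> user IDs an authority key would certify."""
    result, fpr, want_fpr = {}, None, False
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 10:
            continue
        if f[0] == "pub":            # new key block; its fpr record follows
            fpr, want_fpr = None, True
        elif f[0] == "sub":          # subkey fingerprints are not key identities
            want_fpr = False
        elif f[0] == "fpr" and want_fpr:
            fpr, want_fpr = f[9], False
            result[fpr] = []
        elif f[0] == "uid" and fpr:
            if f[1] in ("r", "e", "i"):   # revoked, expired, invalid
                continue
            uid = unescape(f[9])
            m = MAILBOX.search(uid)
            # Exact match only: a suffix test would accept gentoo.org.example.net.
            if m and m.group(2).lower() == domain:
                result[fpr].append(uid)
    return result

# Constructed sample (not real keys): two key blocks in --with-colons form.
FPR_A, FPR_B, FPR_SUB = "A" * 40, "B" * 40, "C" * 40
_uid = lambda v, s: f"uid:{v}::::1500000000::0000::{s}::::::::::0:"
_fpr = lambda x: "fpr" + ":" * 9 + x + ":"
SAMPLE = "\n".join([
    "pub:-:4096:1:AAAAAAAAAAAAAAAA:1500000000:::-:::scESC:", _fpr(FPR_A),
    _uid("-", "Alice Dev <alice@gentoo.org>"),
    _uid("-", "Alice Dev <alice@example.net>"),
    _uid("r", "Alice Old <alice.old@gentoo.org>"),
    "sub:-:4096:1:CCCCCCCCCCCCCCCC:1500000000::::::e:", _fpr(FPR_SUB),
    "pub:-:4096:1:BBBBBBBBBBBBBBBB:1500000000:::-:::scESC:", _fpr(FPR_B),
    _uid("-", "dev@gentoo.org <mallory@gentoo.org.example.net>"),
])

if __name__ == "__main__":
    print(uids_to_certify(SAMPLE))
```

Whether a certified UID may carry a name is the open policy question raised in the message; this sketch accepts any name and filters on the mailbox only.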