From: Patrick Lauer
Date: Wed, 30 Oct 2013 08:33:51 +0800
To: gentoo-project@lists.gentoo.org
List-Id: Gentoo Project discussion list
Subject: [gentoo-project] Re: [gentoo-dev-announce] Call for agenda items - pgp key handling
Message-ID: <527053EF.9080200@gentoo.org>
In-Reply-To: <1701685.NthhqudeZE@kailua>

On 10/29/2013 09:23 PM, Andreas K. Huettel wrote:
> In two weeks from now, the council will again have its regular monthly
> meeting. Now is the time to raise and prepare items that the council should
> put on the agenda to discuss or vote on.
Request: A minimal policy for pgp keys and key handling (for commit signing)

- Define the allowed key parameters: e.g. 2048-bit RSA or DSA, validity at least 6 months
- Define a canonical location (e.g. in LDAP and on at least one keyserver) where every dev's key is accessible (at least to gentoo infra)
- Define a location of a (signed, autoupdated) global keyring that is accessible to all interested parties (e.g. http://www.gentoo.org/keyring.txt )

That's the first stage that can be done now without big problems, and it can be amended at any later time if there are any deficiencies. (So if we agree that 2048 bits are not enough, we just fix it to 4096 bits and a three-month migration time.)

With that in place we can make commit signing mandatory (because right now we don't even have a way to fetch all keys, so it's worse than useless).

And then as a third stage we can discuss things like, say, disabling commit access when the key is less than a month valid (after sending some automated warning mails, yes?) and other ways to make this meaningful.

But - let's not get carried away in a big debate about how the NSA has infiltrated the minds of at least three devs, so we need four signatures on every commit before it goes live, and other unrelated madness. Just define the minimum set of rules to make signing useful, and then figure out how to enforce it.

(As a sidenote, someone might want to figure out how to do remote signed commits - last time this was discussed I think there were some minor issues that should be worked out so that we're all not too affected by workflow changes.)

Thanks,
Patrick
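As an added example (not from the mail, and not Gentoo infra's tooling): a small Python audit that applies the proposed minimum policy (RSA or DSA, at least 2048 bits, validity at least 6 months) plus the third-stage "less than a month left" warning to the output of `gpg --with-colons --list-keys` on a global keyring. It assumes the epoch-second date fields gpg 2 prints; the 182/30-day constants, the REJECT/WARN/OK statuses and the sample listing with fake key ids are my own choices.

```python
import time
# Policy values from the proposal; the day counts are my rounding of "6 months" and "a month".
ALLOWED_ALGOS = {1: "RSA", 17: "DSA"}   # public-key algorithm ids as gpg prints them
MIN_BITS = 2048
MIN_LIFETIME = 182 * 86400              # seconds: "validity at least 6 months"
WARN_REMAINING = 30 * 86400             # seconds: "less than a month valid" -> warn

# Constructed sample in `gpg --with-colons --list-keys` format; key ids and uids are fake.
SAMPLE = """\
pub:u:4096:1:0000000000000001:1380000000:1420000000::u:::scESC::::::23::0:
uid:u::::1380000000::0000000000000000000000000000000000000001::Dev One <one@example.org>::::::::::0:
pub:u:1024:17:0000000000000002:1380000000:1420000000::u:::scSC::::::23::0:
uid:u::::1380000000::0000000000000000000000000000000000000002::Dev Two <two@example.org>::::::::::0:
pub:u:2048:1:0000000000000003:1380000000:::u:::scESC::::::23::0:
uid:u::::1380000000::0000000000000000000000000000000000000003::Dev Three <three@example.org>::::::::::0:
pub:u:2048:1:0000000000000004:1360000000:1384000000::u:::scESC::::::23::0:
uid:u::::1360000000::0000000000000000000000000000000000000004::Dev Four <four@example.org>::::::::::0:
"""

def parse_keys(colons_output):
    """Collect each pub record (bits, algo, key id, timestamps) and its first uid."""
    keys, cur = [], None
    for f in (line.split(":") for line in colons_output.splitlines()):
        if f[0] == "pub":   # fields 3-7: bits, algo, key id, created, expires (epoch secs)
            cur = {"keyid": f[4], "bits": int(f[2]), "algo": int(f[3]), "uid": "",
                   "created": int(f[5]), "expires": int(f[6]) if f[6] else None}
            keys.append(cur)
        elif f[0] == "uid" and cur and not cur["uid"]:
            cur["uid"] = f[9]   # field 10 of a uid record is the user id string
    return keys

def check_key(key, now):
    """Return (status, reason): REJECT, WARN or OK for one key at epoch time `now`."""
    if key["algo"] not in ALLOWED_ALGOS:
        return "REJECT", "algorithm id %d is not RSA or DSA" % key["algo"]
    if key["bits"] < MIN_BITS:
        return "REJECT", "%d bits is below %d" % (key["bits"], MIN_BITS)
    if key["expires"] is None:
        return "REJECT", "no expiry date set"
    if key["expires"] - key["created"] < MIN_LIFETIME:
        return "REJECT", "lifetime shorter than 6 months"
    expires = time.strftime("%Y-%m-%d", time.gmtime(key["expires"]))
    if key["expires"] <= now:
        return "REJECT", "expired on " + expires
    if key["expires"] - now < WARN_REMAINING:
        return "WARN", "expires " + expires + ", less than a month left"
    return "OK", "compliant"

def audit(colons_output, now):   # key id -> (status, reason) for every key in the listing
    return {k["keyid"]: check_key(k, now) for k in parse_keys(colons_output)}
```

Running `audit(SAMPLE, 1383000000)` (late October 2013) flags the 1024-bit DSA key and the key without expiry, warns on the key expiring in about eleven days, and accepts the 4096-bit RSA key.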