[Moving this to -devel, please reply only there, this is not really voting related stuff. We are talking about things to improve keyring maintenance, for those not reading -vote.]
Anthony Towns <aj@azure.humbug.org.au> writes: > So first one was the spam problem, keyring-maint is a well-known address, > and mails that are meant to go to it could be in all sorts of weird > formats. There's already magic debian.org handling that'll drop stuff > without a pseudo-header in the mail (for [EMAIL PROTECTED]), or without > a specific tag in the subject which should mostly solve the problem, > which mostly requires working out some tags/headers and making sure all > the appropriate documentation is updated. Could these mails be required to have a valid GPG signature (either for a key in a public keyserver or a DD key)? This would eliminate the spam problem (almost) entirely. > The third thing was to develop some new scripts to manage > debian-keyring.gpg in a more componentised manner -- rather than > one huge blob, have many small files that are independently auditable > (this is the key for "[EMAIL PROTECTED]", it's authorised because it came > via [EMAIL PROTECTED] after blah lost their key in a tragic accident > involving a watermelon, it's signed by foo and bar...). The scripts > to manage all this have to be simple, obviously correct and secure, > and also fast enough to be usable. I think I could at least try to tackle this, as this doesn't need anything special. If somebody else is already working on this, I would appreciate a heads-up :) > Apparently there's been some mention of this on -private; I'm not > sure when. I recall some discussion, yes. -- * Sufficiently advanced magic is indistinguishable from technology (T.P) * * PGP public key available @ http://www.iki.fi/killer * -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]