> > Do you want to reject signed commits if > > - keys are not publicly available [1] > > no. e-mail warnings will be issued so that the dev can upload it > after the fact.
Why? I'm pretty sure someone will forget. (Or try to trick the system.) > > - keys are revoked [3] > > yes Only if the signature was made after the date/time of the revocation. > > - keys are not listed in userinfo.xml (current or former devs) [4] > > no. you can sign a key with your personal key and that's good enough. Heh. Yes, if there is a validity that can be checked in an automated way. Which means a signature on the userid. A chain of trust can of course be implemented in many ways, but requiring the user to download the entire strong set is not an option. :o) The @gentoo.org email addresses are advantageous because they provide a pre-existing identification. Which is as strong as we will ever get with this mechanism (I think). -- Andreas K. Huettel Gentoo Linux developer - kde, sci, arm, tex dilfri...@gentoo.org http://www.akhuettel.de/
signature.asc
Description: This is a digitally signed message part.