Philip Brown <[email protected]> writes: > On Wed, Feb 9, 2011 at 12:38 AM, Peter FELECAN <[email protected]> wrote: >>... >> The GPG signing key is the asset of the OpenCSW foundation. >> The representatives of the foundation are the 3 board main members. >> Consequently it should be held by them. >> >> I think that today we have the following situation: the previous >> president of the foundation and a non member of the foundation hold the >> GPG signing key. > > I dont see how the current holder being "the previous president" has > any relevance. Are you somehow suggesting that if I were not the prior > president, that you would have no objections?[...]
Not at all. >> Are you saying that This is unacceptable. I cannot resist the caricature of >> this: as if George W. Bush and Kim Jong Il holds exclusively the nuclear >> codes of the United States. > > and this is just gratuitously insulting. Don't you understand metaphors? analogies? The purpose of this wasn't to insult but to show a similarity. > In contrast, I hold the gpg signing key not because I was board > president, but because I am the current release manager. Since I > continue to be, for now, the current release manager, it makes sense > for me to hold the keys, because I have a functional need to do so. > If at some time in the future, there is a new release manager, I will > turn over the key to them without complaint. I think that the release management role should dispose, non exclusively, of the GPG sign key. The keywords here are "non exclusively". > I think the majority of members consider James to be a trustworthy > person, as I hope they also do myself. > While James has not requested to become "a member of the > organization", he is still a maintainer in good standing. > Not being a member, merely means he does not get a "vote" in things. I > do not see how that makes him any less trustworthy, however. It's not a question of trust but of the paradox of your opinion: a non member can have the key but the members of the board doesn't. > As such, I hope that the current level of redundancy for our signing > keys will be deemed as adequate for our members. There is at least one member who deems that inadequate: me. The vote will decide if I'm alone in which case I will comply. On the contrary, will you? -- Peter _______________________________________________ maintainers mailing list [email protected] https://lists.opencsw.org/mailman/listinfo/maintainers .:: This mailing list's archive is public. ::.
