Robert Burrell Donkin wrote:
On Mon, Jan 4, 2010 at 5:06 PM, Craig L Russell <[email protected]> wrote:
Hi Peter,
From my perspective, you're good to go. The signature you made checks out.
You'll need to put your public key into the svn repository associated with
the river project (if you need details after looking around, let me know --
I'm a little hazy on the details).
i haven't been tracking the progress made by infra so you might need
to check the archives but AFAIK we're still just using a KEYS files.
this consists of ASCII-exported public keys (IIRC this is covered in
the documentation). a good way to start a file is by copying the
template from an existing one.
And I guess you're still awaiting a response whether your key is good
enough. Robert, any feedback?
there are basically 3 things to check:
1. that both encryption and signing keys are 4096 RSA
2. that the keyring preferences are set to strong signing
3. that the key preferences are set to strong signing
and AFAICT the key looks fine
(probably need to find some time to update the documentation since the
GnuPG team now seem to have set everything up okay by defaults for the
new releases...)
The documentation was very helpful, SHA-1 was still the default first
preference, so I wouldn't go changing it just yet.
- robert
