Re: [gentoo-dev] Re: [PATCH v3 00/12] GLEP 63 update
On Fri, 06.07.2018 at 06∶36 +, Robin H. Johnson wrote:
> On Thu, Jul 05, 2018 at 10:53:51PM +0200, Michał Górny wrote:
> > Here's third version of the patches. I've incorporated the feedback
> > so far and reordered the patches (again) to restore their
> > degree-of-compatibility order. The full text is included below.
>
> ...
> > v2
> > The distinct minimal and recommended expirations have been replaced
> > by a single requirement. The rules have been simplified to use
> > the same time of 2 years for both the primary key and subkeys.
>
> -the same time of 2 years ...
> +the same 2 year maximum renewal time ...

I've changed this as part of different changes, please wait for v4.

>
> > An additional rule requesting key renewal 2 weeks before expiration
> > has been added. This is in order to give services and other developers time
> > to refresh the key.
>
> Do we want to state that infra will start contact devs before this, or
> keep that as an implementation detail?
>
> > 4. Expiration date on key and all subkeys set to at most 2 years
>
> -at most 2 years.
> +at most 2 years from generation or refresh of expiry.

I've instead gone for lengthening the period.

> > Recommendations
> > ---
>
> ...
> > 3. Key expiration renewed annually
>
> Can we please suggest it's updated to a fixed day of the year?

Done.

>
> > Gentoo LDAP
> > ===
>
> ...
> > All Gentoo developers must list the complete fingerprint for their primary
> > keys in the "``gpgfingerprint``" LDAP field. It must be exactly 40 hex digits,
> > uppercase, with optional spaces every 8 hex digits. Regular expression for
> > validation::
>
> Can we please drop the spaces in the field in LDAP. I don't care if we
> display it with spaces, but dropping them in LDAP would be helpful.

Included an extra commit for this.

>
> > Copyright
> > =
> > Copyright (c) 2013 by Robin Hugh Johnson, Andreas K. Hüttel, Marissa Fischer.
>
> Please update the copyright date:
> 2013,2018
> and add yourself as a copyright owner for the scale of these changes.

Done in the first commit. I've also added myself as an Author.

-- 
Best regards,
Michał Górny
Re: [gentoo-dev] Re: [PATCH v3 00/12] GLEP 63 update
>> > 4. Expiration date on key and all subkeys set to at most 2 years
>>
>> -at most 2 years.
>> +at most 2 years from generation or refresh of expiry.
>
>Now, this won't really work because it's self-propagating date. You're
>soon going to see keys with 10 years to expiration because if you update
>the date 5 times from 'refresh of expiry', that's what you get.
>
>I get what you're trying to say but I can't really think of a sane way
>of stating that. Maybe I should just explicitly state '(plus the period
>specified in point 5)'.

“The expiry date of the key shall never be more than two years in the future”?

-- 
Christopher Head
Re: [gentoo-dev] Re: [PATCH v3 00/12] GLEP 63 update
On Fri, 06.07.2018 at 06∶36 +, Robin H. Johnson wrote:
> On Thu, Jul 05, 2018 at 10:53:51PM +0200, Michał Górny wrote:
> > Here's third version of the patches. I've incorporated the feedback
> > so far and reordered the patches (again) to restore their
> > degree-of-compatibility order. The full text is included below.
>
> ...
> > v2
> > The distinct minimal and recommended expirations have been replaced
> > by a single requirement. The rules have been simplified to use
> > the same time of 2 years for both the primary key and subkeys.
>
> -the same time of 2 years ...
> +the same 2 year maximum renewal time ...
>
> > An additional rule requesting key renewal 2 weeks before expiration
> > has been added. This is in order to give services and other developers time
> > to refresh the key.
>
> Do we want to state that infra will start contact devs before this, or
> keep that as an implementation detail?

Implementation detail.

>
> > 4. Expiration date on key and all subkeys set to at most 2 years
>
> -at most 2 years.
> +at most 2 years from generation or refresh of expiry.

Now, this won't really work because it's self-propagating date. You're
soon going to see keys with 10 years to expiration because if you update
the date 5 times from 'refresh of expiry', that's what you get.

I get what you're trying to say but I can't really think of a sane way
of stating that. Maybe I should just explicitly state '(plus the period
specified in point 5)'.

>
> > Recommendations
> > ---
>
> ...
> > 3. Key expiration renewed annually
>
> Can we please suggest it's updated to a fixed day of the year?

Sure.

>
> > Gentoo LDAP
> > ===
>
> ...
> > All Gentoo developers must list the complete fingerprint for their primary
> > keys in the "``gpgfingerprint``" LDAP field. It must be exactly 40 hex digits,
> > uppercase, with optional spaces every 8 hex digits. Regular expression for
> > validation::
>
> Can we please drop the spaces in the field in LDAP. I don't care if we
> display it with spaces, but dropping them in LDAP would be helpful.

I'm all for it. I really do wonder how they ended up there in the first
place.

>
> > Copyright
> > =
> > Copyright (c) 2013 by Robin Hugh Johnson, Andreas K. Hüttel, Marissa Fischer.
>
> Please update the copyright date:
> 2013,2018
> and add yourself as a copyright owner for the scale of these changes.
>

-- 
Best regards,
Michał Górny
[gentoo-dev] Re: [PATCH v3 00/12] GLEP 63 update
On Thu, Jul 05, 2018 at 10:53:51PM +0200, Michał Górny wrote:
> Here's third version of the patches. I've incorporated the feedback
> so far and reordered the patches (again) to restore their
> degree-of-compatibility order. The full text is included below.

...

> v2
> The distinct minimal and recommended expirations have been replaced
> by a single requirement. The rules have been simplified to use
> the same time of 2 years for both the primary key and subkeys.

-the same time of 2 years ...
+the same 2 year maximum renewal time ...

> An additional rule requesting key renewal 2 weeks before expiration
> has been added. This is in order to give services and other developers time
> to refresh the key.

Do we want to state that infra will start contact devs before this, or
keep that as an implementation detail?

> 4. Expiration date on key and all subkeys set to at most 2 years

-at most 2 years.
+at most 2 years from generation or refresh of expiry.

> Recommendations
> ---

...

> 3. Key expiration renewed annually

Can we please suggest it's updated to a fixed day of the year?

> Gentoo LDAP
> ===

...

> All Gentoo developers must list the complete fingerprint for their primary
> keys in the "``gpgfingerprint``" LDAP field. It must be exactly 40 hex digits,
> uppercase, with optional spaces every 8 hex digits. Regular expression for
> validation::

Can we please drop the spaces in the field in LDAP. I don't care if we
display it with spaces, but dropping them in LDAP would be helpful.

> Copyright
> =
> Copyright (c) 2013 by Robin Hugh Johnson, Andreas K. Hüttel, Marissa Fischer.

Please update the copyright date:
2013,2018
and add yourself as a copyright owner for the scale of these changes.

-- 
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer
E-Mail   : robb...@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136
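Review bot: in the point 4 change, "+at most 2 years from generation or refresh of expiry" does not say which moment "refresh of expiry" refers to, so the limit can be read as relative to the previous expiry date rather than to the time the change is made. Suggest wording the limit relative to the current date whenever the expiry is set or changed.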
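The two rules discussed in this thread, as an added example (not code from the GLEP or from any poster): normalising a `gpgfingerprint` value to the space-free form proposed for LDAP, and checking an expiry date against the "never more than two years in the future" wording. The regular expression, the function names, the 730-day reading of "2 years" and the sample values are assumptions; the GLEP's own validation regex is not shown on this page.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed pattern for the format the thread describes: 40 uppercase hex
# digits, with an optional single space after each group of 8.
FPR_RE = re.compile(r"[0-9A-F]{8}(?: ?[0-9A-F]{8}){4}")

MAX_VALIDITY = timedelta(days=2 * 365)  # "at most 2 years" (730 days assumed)
RENEW_WINDOW = timedelta(days=14)       # "2 weeks before expiration"


def normalize_fingerprint(value):
    """Return the space-free form for storage, or None if the value is invalid."""
    if not FPR_RE.fullmatch(value):
        return None
    return value.replace(" ", "")


def display_fingerprint(fpr):
    """Render a stored 40-digit fingerprint with a space every 8 digits."""
    return " ".join(fpr[i:i + 8] for i in range(0, 40, 8))


def expiry_status(expires, now):
    """Classify an expiry date relative to the current time, not the old expiry."""
    if expires <= now:
        return "expired"
    if expires - now > MAX_VALIDITY:
        return "too-far"      # more than two years in the future
    if expires - now <= RENEW_WINDOW:
        return "renew-due"    # inside the two-week renewal window
    return "ok"


def extend_from_old_expiry(expires, times):
    """The reading criticised in the thread: every refresh adds two years
    to the previous expiry date, so the date runs ahead of the calendar."""
    return expires + MAX_VALIDITY * times
```

Measuring from the current time on every check is what stops repeated refreshes from accumulating, which is the failure mode raised in the replies.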