On 09/20/2013 02:33 AM, Thomas Goirand wrote:
Hi,
Has anyone thought about having a PGP key signing party during the
summit? Guys from the Linux kernel thought it was useless, but after the
hack of kernel.org, they started to understand it was useful, and now
they do have a web of
On 2013-09-20 14:33:47 +0800 (+0800), Thomas Goirand wrote:
Has anyone thought about having a PGP key signing party during the
summit?
[...]
I'm preparing some documents to help socialize an OpenPGP web of
trust amongst our Release Cycle Management team members, with a hope
of getting a strong
What's the threat model here?
Thanks,
Mike___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Excerpts from Thomas Goirand's message of 2013-09-19 23:33:47 -0700:
Hi,
Has anyone thought about having a PGP key signing party during the
summit? Guys from the Linux kernel thought it was useless, but after the
hack of kernel.org, they started to understand it was useful, and now
they
On 2013-09-20 10:47:10 -0700 (-0700), Clint Byrum wrote:
[...]
Also if we are auto-signing anything, the infra team can sign the
key for the auto-signer, so we can also secure any mirrored copies of
automatically built artifcats against server side tampering.
Yes, and to that end I've done a