On 03/25/11 15:15, Torsten Veller wrote: > * Mike Frysinger <vap...@gentoo.org>: >> On Thu, Mar 24, 2011 at 8:09 PM, Antoni Grzymala wrote: > [Manifest signing] >>> Does that get us any closer to GLEPs 57, 58, 59 (or generally >>> approaching the tree-signing/verifying group of problems)? >> >> yes > > I think, it's a "no". > The MetaManifest GLEP relies on a signed top-level "MetaManifest" which > hashes all sub Manifests, whether they are signed or not doesn't matter.
I'd say that those are two independent issues. But by starting to figure out how to force signed commits for everyone we at least get the infrastructure done. As long as we have no strict guidelines I don't see any advantage of using signed commits, so I've never used them. Getting a coherent policy for that sounds like a really good idea (key length, expiry time, availability on keyservers etc.) > > I don't see a major advantage to signed portage snapshots we already > offer today. > > > Do you want to reject signed commits if > - keys are not publicly available [1] > - signatures are from expired keys [2] > - keys are revoked [3] > - keys are not listed in userinfo.xml (current or former devs) [4] Yes, yes, yes, and yes :) But since we don't have policies in place yet it's a bit of a mess right now. So. What parameters do we need to agree on? And what's a realistic timeframe *if* we decide to go ahead with it? Waiting for good answers :) Patrick -- Patrick Lauer http://service.gentooexperimental.org Gentoo Council Member and Evangelist Part of Gentoo Benchmarks, Forensics, PostgreSQL, KDE herds