> > Do you want to reject signed commits if > > - keys are not publicly available [1] > > We'll need to define what does 'public availability' exactly mean? Does > that mean a specific keyserver?
Good point. Although most keyservers synchronize each other, it might make sense to define an additional location such as e.g. a keyring for download on www.gentoo.org. > > - keys are revoked [3] > > How about manifests signed before the key was revoked? And about keys being revoked by a revocation certificate that was generated long time ago "just in case" (as even our docs recommend)... Yes I know this is a mess. -- Andreas K. Huettel Gentoo Linux developer - kde, sci, arm, tex dilfri...@gentoo.org http://www.akhuettel.de/
signature.asc
Description: This is a digitally signed message part.
