On Fri, Mar 25, 2011 at 2:57 PM, Dane Smith wrote: > On 03/25/2011 02:46 PM, Mike Frysinger wrote: >> On Fri, Mar 25, 2011 at 4:53 AM, Andreas K. Huettel wrote: >>> Of course now we can add additional requirements: >>> >>> * The key must have an userid that refers to an official Gentoo e-mail >>> address. E.g. dilfri...@gentoo.org >> >> no. there's no reason for this requirement, and it prevents proxy >> maintenance long term. e-mail addresses do not verify identity, >> verifying identify verifies identity. this is the point of the web of >> trust. > > We are somewhat limited in the amount that we can verify "identity." > Sure you can get a decent web of trust from signing the keys of people > you've met at conferences, however, there will be people outside of that > web.
creating one "tree key" which signs all developer keys listed in LDAP is trivial to do > What we need to verify is rather that the person who made the > commit is someone who is authorized to make the commit and that it was > in no way tampered with. you're validating only that the machine with access to the private keys pushed up the commit. hopefully the only person with said machine is the one we recruited. -mike
