On Thu, Mar 22, 2018 at 4:30 AM, Alexander Berntsen <berna...@gentoo.org> wrote:
> On 22/03/18 07:31, Benda Xu wrote:
>> We might be able to require GPG signed email to make a post.
> Almost definitely.
>
> But before bikeshedding that, it would be advisable to find out whether
> it would be a good idea in the first place. Unless you want only
> prospective developers to be able to contribute to the ML (maybe you do
> want that?), it seems like a poor idea to unnecessarily exclude anyone
> who doesn't care (nor want to care) about OpenPGP.

That, and getting yourself whitelisted by a dev is going to be a lower barrier than having to meet one in-person to have a key signed. That is unless devs just start signing keys for people they've never met (which honestly doesn't really bother me much as I don't put much faith in the WoT anyway), in which case it turns into a whitelist that only comrel can un-whitelist since I don't think you can revoke a signature. Plus signing emails is a pain if you don't use an MUA that has this feature, and the web-based ones which do aren't very good.

--
Rich