On 06-07-2018 13:34:21 +0200, Ulrich Mueller wrote:
> - Make creation of a revocation certificate (and storing it in a place
>   separate from the key) mandatory.

What does this really achieve? Or require? Am I supposed to buy or hire a vault now? -- I'm assuming the word "safe" is missing from the above sentence.

Side observation: You can't check I have the revocation cert, let alone that you can check where it is stored, or if I lost it. Unless it is stored in a Gentoo-owned vault or something, such that infra can invoke it on retirement scripts, this seems like unnecessary bureaucracy.

Of course we want to encourage anyone to have a revocation cert, and to store it in a safe place somewhere. This is at best subject to means and opportunities of the person in question. In reality it is quite hard to store secrets securely, even more when they don't fit well in the human SSD.

Fabian

--
Fabian Groffen
Gentoo on a different level