On Sat, 13 Oct 2012 08:28:20 +0200
Ralph Sennhauser wrote:
> On Fri, 12 Oct 2012 21:10:23 -0600
> Ryan Hill wrote:
>
> > I'd argue against deprecating EAPI 0 any time soon though. Killing
> > EAPI 1 would be a better idea.
>
> I'm not for forced EAPI bumps anytime soon, but I expect EAPI 0 to

Rich Freeman wrote:
> PKI becomes a nightmare if anybody but devs sign, and when we move to
> git it won't really be possible to have anybody else sign anyway
> unless we allow merge commits, which is just a whole different mess.
I'm not sure? Signatures can be made on anything by anyone and store

On Tue, Oct 16, 2012 at 9:30 PM, Patrick Lauer wrote:
> That's nice. Can we also add some basic policies on key format (key
> length, validity) and get a centrally-hosted keyring?
>
> Then it'd even make sense for us to start using the whole signing thing
> now :)
Well, if we're going to do that

On 10/17/12 06:54, Robin H. Johnson wrote:
> Hi all,
>
> One of the items that has come up in the Git conversion, and needs some
> attention.
>
[snip]
>
> As such, we've decided to make the PORTAGE_GPG_KEY strictly enforce what
> was originally intended.
>
> - You must specify a key or subkey e

On Wed, Oct 17, 2012 at 08:53:14AM +0800, Ben de Groot wrote:
> > Additionally, while we are NOT enforcing the use of long key-ids
> > presently, I strongly encourage ALL developers to move to using them,
> > due to known attacks against short ids:
> > http://www.asheesh.org/note/debian/short-key-i

On Oct 17, 2012 6:57 AM, "Robin H. Johnson" wrote:
>
> Hi all,
>
> One of the items that has come up in the Git conversion, and needs some
> attention.
>
> Previously, the PORTAGE_GPG_KEY variable has allowed ANY argument, and
> passed it to GPG, letting GPG use that. This was intended to explicit