On 11/29/24 1:31 PM, Robin H. Johnson wrote:
> From a technical perspective, that depends on the keyserver design.
>
> But the canonical "why" is GDPR Article 17 - right-to-erasure.
>
> Hockeypuck even ships a script to make it easy for admins to delete
> keys:
> https://github.com/hockeypuck/hoc

On Thu, Nov 28, 2024 at 10:36:36AM -0500, Eli Schwartz wrote:
> This doesn't test a useful property.
>
> People cannot "remove" compromised keys from a keyserver to begin with.
> If they did, then checking to build the package with GENTOO_MIRRORS=
> DISTDIR=$(mktemp -d) is a significantly more use

On 28/11/2024 05.32, Eli Schwartz wrote:
The current state of verify-sig support is a bit awkward. We rely on
validating distfiles against a known trusted keyring, but creating the
known trusted keyring is basically all manual verification. We somehow
decide an ascii armored key is good enough wi

Michał Górny writes:
> On Thu, 2024-11-28 at 16:56 +, Sam James wrote:
>> Eli Schwartz writes:
>>
>> > On 11/28/24 8:10 AM, Michał Górny wrote:
>> > > On Wed, 2024-11-27 at 23:32 -0500, Eli Schwartz wrote:
>> > >
>> > > That looks like something you could do in src_compile() already.
>> >

On Thu, 2024-11-28 at 16:56 +, Sam James wrote:
> Eli Schwartz writes:
>
> > On 11/28/24 8:10 AM, Michał Górny wrote:
> > > On Wed, 2024-11-27 at 23:32 -0500, Eli Schwartz wrote:
> > >
> > > That looks like something you could do in src_compile() already.
> >
> >
> > Perhaps. But it felt l

Eli Schwartz writes:
> On 11/28/24 8:10 AM, Michał Górny wrote:
>> On Wed, 2024-11-27 at 23:32 -0500, Eli Schwartz wrote:
>>
>> That looks like something you could do in src_compile() already.
>
>
> Perhaps. But it felt like exporting keys is work that is conceptually
> part of installing, in mu

On Thu, 2024-11-28 at 10:36 -0500, Eli Schwartz wrote:
> On 11/28/24 8:10 AM, Michał Górny wrote:
>
> > > +# separated by colons. The allowed values for a location are:
> > > +#
> > > +# - gentoo -- fetch key by fingerprint from https://keys.gentoo.org
> > > +#
> > > +# - github -- fetch key fro

On 11/28/24 8:10 AM, Michał Górny wrote:
> On Wed, 2024-11-27 at 23:32 -0500, Eli Schwartz wrote:
>> +# @ECLASS_VARIABLE: SEC_KEYS_VALIDPGPKEYS
>> +# @PRE_INHERIT
>> +# @DEFAULT_UNSET
>> +# @DESCRIPTION:
>> +# Mapping of fingerprints, name, and optional location of PGP keys to
>> include,
>
> So

On Wed, 2024-11-27 at 23:32 -0500, Eli Schwartz wrote:
> +# @ECLASS_VARIABLE: SEC_KEYS_VALIDPGPKEYS
> +# @PRE_INHERIT
> +# @DEFAULT_UNSET
> +# @DESCRIPTION:
> +# Mapping of fingerprints, name, and optional location of PGP keys to
> include,
So "location" or "locations", plural?
> +# separated by