Date: Mon, 14 Nov 2011 09:24:51 +0000
From: Chris Rees <crees@freebsd.org>
To: Doug Barton <dougb@freebsd.org>, kib@freebsd.org, core@freebsd.org
Cc: doc-committers@freebsd.org, d@delphij.net, cvs-doc@freebsd.org, cvs-all@freebsd.org
Subject: Re: Removing stale PGP keys (Was: Re: cvs commit: doc/share/pgpkeys aaron.key ...)
Message-ID: <CADLo839m9eojY7n1ockffnp=NdaYZJmK9p_DTq3dNHvCZBrWXw@mail.gmail.com>
In-Reply-To: <4EC0680D.1080509@FreeBSD.org>
References: <CADLo838Fk796TwwX51v5wD9cGYDMwBvGSMymsciGPxDmJ%2BA=OA@mail.gmail.com> <4EC0680D.1080509@FreeBSD.org>

On 14 November 2011 00:59, Doug Barton <dougb@freebsd.org> wrote:
> On 11/13/2011 01:15, Chris Rees wrote:
>> On 13 November 2011 07:51, Xin LI <delphij@delphij.net> wrote:
>>> (I personally consider having these keys beneficial unless they are
>>> fully expired by the way -- consider this: one day they might send an
>>> email asking to re-activate their commit bit, without the key in
>>> print, we have no easy way to validate their identity unless someone
>>> else has signed their keys in the past and not excluded in the handbook).
>>
>> I agree, however the key is still in CVS, and this is unusual enough
>> that I (and it seems a few others) don't see the need for alumni's
>> keys to be in the 'printed' Handbook. We need to be consistent about
>> who is and who isn't in there.
>
> There is absolutely no reason to have keys from former committers in the
> Handbook. They are almost all (I'd say at least 95%) on a keyserver
> somewhere, and if not, they can be dug out of CVS in the incredibly
> unlikely scenario that we need to validate a signature at some point
> down the road. The argument that stale keys can be used for verifying
> the identity of a former committer is also almost certain to be
> spurious, given that a significant percentage of the existing keys (I'd
> like to say a majority, but I have no data to back that up) have long
> since passed out of the control of the *existing* committers, never mind
> the former ones. This isn't just pessimism/negativity on my part, it's
> based on my past experience in contacting committers privately
> suggesting that they update their broken keys.
>
>> I'll open it up for discussion with core involved as well (as
>> requested by another developer).
>
> I completely fail to see how core@ should have a role here, but
> hopefully they will agree with me for a change. :)
>

Yes, well hopefully the core developer who requested the review is
content with my admission of error in checking committers for
currency-- I think that was his only concern.

It'd be great if he confirms that....

Chris