Removing stale PGP keys (Was: Re: cvs commit: doc/share/pgpkeys
aaron.key ...)
Chris Rees
crees at freebsd.org
Mon Nov 14 09:25:23 UTC 2011
On 14 November 2011 00:59, Doug Barton <dougb at freebsd.org> wrote:
> On 11/13/2011 01:15, Chris Rees wrote:
>> On 13 November 2011 07:51, Xin LI <delphij at delphij.net> wrote:
>>> (I personally consider having these keys beneficial unless they are
>>> fully expired by the way -- consider this: one day they might send an
>>> email asking to re-activate their commit bit, without the key in
>>> print, we have no easy way to validate their identity unless someone
>>> else have signed their keys in the past and not excluded in the handbook).
>>
>> I agree, however the key is still in CVS, and this is unusual enough
>> that I (and it seems a few others) don't see the need for alumni's
>> keys to be in the 'printed' Handbook. We need to be consistent about
>> who is and who isn't in there.
>
> There is absolutely no reason to have keys from former committers in the
> Handbook. They are almost all (I'd say at least 95%) on a keyserver
> somewhere, and if not, they can be dug out of CVS in the incredibly
> unlikely scenario that we need to validate a signature at some point
> down the road. The argument that stale keys can be used for verifying
> the identity of a former committer is also almost certain to be
> spurious, given that a significant percentage of the existing keys (I'd
> like to say a majority, but I have no data to back that up) have long
> since passed out of the control of the *existing* committers, never mind
> the former ones. This isn't just pessimism/negativity on my part, it's
> based on my past experience in contacting committers privately
> suggesting that they update their broken keys.
>
>> I'll open it up for discussion with core involved as well (as
>> requested by another developer).
>
> I completely fail to see how core@ should have a role here, but
> hopefully they will agree with me for a change. :)
>
Yes, well hopefully the core developer who requested the review is
content with my admission of error in checking committers for
currency-- I think that was his only concern. It'd be great if he
confirms that....
Chris
More information about the cvs-doc
mailing list