[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Meeting Minutes, FTPMaster meeting March 2011

On Mon, Mar 28, 2011 at 10:19:32PM +0000, Philipp Kern wrote:
> On 2011-03-28, Wouter Verhelst <w@uter.be> wrote:
> > But I'd think that "making sure this buildd host can still do uploads in
> > a timely manner when the key expires" is pretty well inside the realm of
> > the buildd admin's responsibility.
> And manual signing wouldn't be timely?

Less so.

> I talked with Joerg at the meeting and we agreed that arch-based admin
> keyrings aren't needed.  If you feel so strongly about it, I think you
> should take it up yourself and make [0] support one keyring per arch.
> (Or get Joerg to do it.  As I told him that he doesn't need to consider
> it in the initial design it feels unfair to me to ask him now.  Either
> way, if it isn't done, you don't feel strongly enough about it.  There's
> no policy decision in the way this time.)

Sure; I'd be happy to put my code where my mouth is, if that helps solve
this particular issue. It'll have to wait until my current move is over,
however (see my [vac] on -private). 

Note that it isn't entirely clear to me how splitting up keyrings per
architecture would help there, so some explanation might help (if I want
to make sure that whatever patch I come up with actually solves the
issue at hand...).

> I still don't think it's necessary, as it will be mostly identical on
> all archs and we'll be doing the work anyway but frankly I don't care,
> as long as the keys are following the rules the ftp-masters set for
> them.  We'll still monitor the expiry and if you don't react quickly
> enough do it ourselves.

Of course.

The biometric identification system at the gates of the CIA headquarters
works because there's a guard with a large gun making sure no one is
trying to fool the system.

Attachment: signature.asc
Description: Digital signature

Reply to: