
Re: Emeritus status, and email forwarding



Enrico Zini said [Wed, Nov 15, 2017 at 05:46:52PM +0100]:
> I would be ok with saying that emeritus people who have a valid gpg key
> can still have email forwarding, exporting the emeritus keyring
> alongside the other keyrings, and handling email forwarding
> configuration changes via changes@db.debian.org, and key replacements as
> usual.
> 
> It would exclude people who don't have a viable gpg key anymore in the
> keyring, or who are not interested in maintaining one, but that is
> already the case mostly anywhere in Debian, and I don't see it as a
> blocker for keeping forwarding working as long as someone is emeritus
> and has a key in the emeritus keyring.
> 
> I would also be ok saying that people whose keys in the emeritus keyring
> become invalid over time, because they expire or because they are not
> replaced when needed, move to "removed" status after a while.

FWIW some other people have expressed procedure concerns on this
topic, I am not repeating them.

We (keyring-maint) do keep an Emeritus keyring. Given it is not really
_used_, I had not checked its real status in a long time, but now I
must really take off my hat towards Jonathan - It is quite well
maintained.

It used to be a very large directory:

    https://anonscm.debian.org/cgit/keyring/keyring.git/tree/emeritus-keyring-gpg?id=f6293ba7d7c4e775b3b83185e66da41f4765721f

But since Jonathan removed short keys in it (as they are keys we will
never use again and should no longer consider trusted), it became way
smaller. Current view:

    https://anonscm.debian.org/cgit/keyring/keyring.git/tree/emeritus-keyring-gpg

Anyway, we could continue to receive updates for and process the
Emeritus' keyring, if any person in it was interested in doing so... I
doubt it would be the case. We can also produce that keyring together
with our updates if any infrastructure were to use it.

I have a feeling it would mostly be over-engineering, though. Keeping
the mail alias working "forever" sounds right, but I expect that any
mail update requests would still end up with a human to implement.
