On Thursday 13 August 2020 at 14:29:35+0200, Guilhem Moulin wrote:
> Hi,
>
> On Thu, 13 Aug 2020 at 14:11:14 +0200, Pierre-Elliott Bécue wrote:
> > On Thursday 13 August 2020 at 07:42:29-0400, Sam Hartman wrote:
> >>>>>>> "Paul" == Paul Wise <pabs@debian.org> writes:
> >>
> >> Paul> On Wed, Aug 12, 2020 at 3:27 PM Pierre-Elliott Bécue wrote:
> >> >> I'd rather try to solve the issue in a more sensible way: lower
> >> >> the number of expected GPG signatures to 0 temporarily, and ask
> >> >> for two or three advocacies from DDs.
> >>
> >> Paul> This seems like the most natural solution to the problem of
> >> Paul> COVID mentioned thus far.
> >>
> >> How do you feel about the idea of short-term expirations on signatures
> >> proposed in the previous message on the list?
> >
> > Unless I missed a GPG capability, this seems kinda technically hard to
> > do.
>
> gpg has a `--ask-cert-expire` flag and a `--default-cert-expire` option
> to that effect. Expired certification signatures will be ignored when
> building the Web of Trust.
>
> Cheers

This could work, but we'd have to handle the case when developers forget
to set a signature as time-limited/don't follow this thread and never
care to set it up.

I'd rather avoid relying on signatures than make the meaning of a
signature quite less tangible.

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528 F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.