On Mon, Mar 28, 2011 at 10:19:32PM +0000, Philipp Kern wrote: > On 2011-03-28, Wouter Verhelst <w...@uter.be> wrote: > > But I'd think that "making sure this buildd host can still do uploads in > > a timely manner when the key expires" is pretty well inside the realm of > > the buildd admin's responsibility. > > And manual signing wouldn't be timely?
Less so. > I talked with Joerg at the meeting and we agreed that arch-based admin > keyrings aren't needed. If you feel so strongly about it, I think you > should take it up yourself and make [0] support one keyring per arch. > (Or get Joerg to do it. As I told him that he doesn't need to consider > it in the initial design it feels unfair to me to ask him now. Either > way, if it isn't done, you don't feel strongly enough about it. There's > no policy decision in the way this time.) Sure; I'd be happy to put my code where my mouth is, if that helps solve this particular issue. It'll have to wait until my current move is over, however (see my [vac] on -private). Note that it isn't entirely clear to me how splitting up keyrings per architecture would help there, so some explanation might help (if I want to make sure that whatever patch I come up with actually solves the issue at hand...). > I still don't think it's necessary, as it will be mostly identical on > all archs and we'll be doing the work anyway but frankly I don't care, > as long as the keys are following the rules the ftp-masters set for > them. We'll still monitor the expiry and if you don't react quickly > enough do it ourselves. Of course. -- The biometric identification system at the gates of the CIA headquarters works because there's a guard with a large gun making sure no one is trying to fool the system. http://www.schneier.com/blog/archives/2009/01/biometrics.html
signature.asc
Description: Digital signature