On 17.10.2012 03:30, Patrick Lauer wrote: > On 10/17/12 06:54, Robin H. Johnson wrote: >> Hi all, >> >> One of the items that has come up in the Git conversion, and needs some >> attention. >> > [snip] >> >> As such, we've decided to make the PORTAGE_GPG_KEY strictly enforce what >> was originally intended. >> >> - You must specify a key or subkey exactly. >> - The leading "0x" is optional. >> - If you want to use a subkey, per the PGP specifications, you must >> suffix your keyid with "!". >> - Your keyid is exactly: 8, 16, 24, 32 xor 40 hexdigits long. > > That's nice. Can we also add some basic policies on key format (key > length, validity) and get a centrally-hosted keyring? > > Then it'd even make sense for us to start using the whole signing thing > now :)
Additionally, can any consensus achieved here be documented right away? e.g. here [1] or @devmanual.g.o Cheers, Kacper [1] http://www.gentoo.org/proj/en/devrel/handbook/handbook.xml?part=2&chap=6
signature.asc
Description: OpenPGP digital signature