[openstack-dev] Fwd: [Openstack-devel] PGP key signing party during the HK summit

2013-09-19 Thread Thomas Goirand
Hi, Has anyone thought about having a PGP key signing party during the summit? Guys from the Linux kernel thought it was useless, but after the hack of kernel.org, they started to understand it was useful, and now they do have a "web of trust". As a package maintainer, I would very much like to h

Re: [openstack-dev] Fwd: [Openstack-devel] PGP key signing party during the HK summit

2013-09-20 Thread Thierry Carrez
Thomas Goirand wrote: > Has anyone thought about having a PGP key signing party during the > summit? Guys from the Linux kernel thought it was useless, but after the > hack of kernel.org, they started to understand it was useful, and now > they do have a "web of trust". As a package maintainer, I w

Re: [openstack-dev] Fwd: [Openstack-devel] PGP key signing party during the HK summit

2013-09-20 Thread Jeremy Stanley
On 2013-09-20 14:33:47 +0800 (+0800), Thomas Goirand wrote: > Has anyone thought about having a PGP key signing party during the > summit? [...] I'm preparing some documents to help socialize an OpenPGP web of trust amongst our Release Cycle Management team members, with a hope of getting a strong

Re: [openstack-dev] Fwd: [Openstack-devel] PGP key signing party during the HK summit

2013-09-20 Thread Mike Spreitzer
What's the threat model here? Thanks, Mike

Re: [openstack-dev] Fwd: [Openstack-devel] PGP key signing party during the HK summit

2013-09-20 Thread Clint Byrum
Excerpts from Mike Spreitzer's message of 2013-09-20 07:46:47 -0700: > What's the threat model here? > Right now most verification loops in OpenStack rely on SSL and the PKI that it brings along. This is vulnerable to centralized compromise on several levels, and does not help if the server itse

Re: [openstack-dev] Fwd: [Openstack-devel] PGP key signing party during the HK summit

2013-09-20 Thread Clint Byrum
Excerpts from Thomas Goirand's message of 2013-09-19 23:33:47 -0700: > > Hi, > > Has anyone thought about having a PGP key signing party during the > summit? Guys from the Linux kernel thought it was useless, but after the > hack of kernel.org, they started to understand it was useful, and now >

Re: [openstack-dev] Fwd: [Openstack-devel] PGP key signing party during the HK summit

2013-09-20 Thread Jeremy Stanley
On 2013-09-20 10:47:10 -0700 (-0700), Clint Byrum wrote: [...] > Also if we are auto-signing anything, the infra team can sign the > key for the auto-signer, so we can also secure any mirrored copies of > automatically built artifacts against server side tampering. Yes, and to that end I've done a

Re: [openstack-dev] Fwd: [Openstack-devel] PGP key signing party during the HK summit

2013-09-21 Thread Thomas Goirand
On 09/20/2013 09:59 PM, Jeremy Stanley wrote: > On 2013-09-20 14:33:47 +0800 (+0800), Thomas Goirand wrote: >> Has anyone thought about having a PGP key signing party during the >> summit? > [...] > > I'm preparing some documents to help socialize an

Re: [openstack-dev] Fwd: [Openstack-devel] PGP key signing party during the HK summit

2013-09-21 Thread Monty Taylor
On 09/20/2013 02:33 AM, Thomas Goirand wrote: > > Hi, > > Has anyone thought about having a PGP key signing party during the > summit? Guys from the Linux kernel thought it was useless, but after the > hack of kernel.org, they started to understand it was useful, and now > they do have a "web o

Re: [openstack-dev] Fwd: [Openstack-devel] PGP key signing party during the HK summit

2013-09-21 Thread Monty Taylor
On 09/20/2013 01:50 PM, Clint Byrum wrote: > Excerpts from Thomas Goirand's message of 2013-09-19 23:33:47 -0700: >> >> Hi, >> >> Has anyone thought about having a PGP key signing party during the >> summit? Guys from the Linux kernel thought it was useless, but after the >> hack of kernel.org, t