Date: Wed, 23 Dec 2020 13:15:04 +0100 From: Kurt Jaeger <pi@freebsd.org> To: freebsd-current@freebsd.org Subject: Re: HEADS UP: FreeBSD src repo transitioning to git this weekend Message-ID: <X%2BM0yPrCJ5Rz/V85@home.opsec.eu> In-Reply-To: <20201223023242.GG31099@funkthat.com> References: <CANCZdfrUsaw5jpN1ybpk0ADXdQYam0_NO0mPJd0-FMbuxPruhw@mail.gmail.com> <31ab8015-a0c4-af77-0ead-a17da0f88f1d@freebsd.org> <CANCZdfrF0B7uux_neg-4XGn2UCDd4noUm7zP_icHnrpZUgmzzA@mail.gmail.com> <CAOtMX2gV2dmyG4b1hZG24sUnqDVk=1pch4xgQmyUdtLrh48kYg@mail.gmail.com> <CANCZdfpb0MF%2BuoW=K3cQpL%2B3vNQjSBDeVMab5d4JJhUO4sy-2Q@mail.gmail.com> <5fdc0b90.1c69fb81.866eb.8c29SMTPIN_ADDED_MISSING@mx.google.com> <20201218175241.GA72552@spindle.one-eyed-alien.net> <20201218182820.1P0tK%steffen@sdaoden.eu> <20201223023242.GG31099@funkthat.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi! > It's also hard to collect ALL the keys of the devs at any point in > time to decide if that key is authorized to sign a commit in the > repo... We do have most of the keys in docs/share/pgpkeys/ plus history. > Like if a dev starts in 2021, any commits made by that > dev prior to 2021 should not be "valid".. Then there's also the > issue that people's keys change over time, and now you need to know > what time period each key was valid for, otherwise a compromised key > could be used to insert malicious changes into your/the tree... If we manage keys plus their history in the doc repo, this seems to be solved. -- pi@opsec.eu +49 171 3101372 Now what ?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?X%2BM0yPrCJ5Rz/V85>