From owner-freebsd-current@freebsd.org  Wed Dec 23 12:15:14 2020
Return-Path: <owner-freebsd-current@freebsd.org>
Delivered-To: freebsd-current@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 57DC34BD955
 for <freebsd-current@mailman.nyi.freebsd.org>;
 Wed, 23 Dec 2020 12:15:14 +0000 (UTC) (envelope-from pi@freebsd.org)
Received: from home.opsec.eu (home.opsec.eu [IPv6:2001:14f8:200::1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4D1Bwy0YQWz4n31
 for <freebsd-current@freebsd.org>; Wed, 23 Dec 2020 12:15:13 +0000 (UTC)
 (envelope-from pi@freebsd.org)
Received: from pi by home.opsec.eu with local (Exim 4.94 (FreeBSD))
 (envelope-from <pi@freebsd.org>) id 1ks32m-000PNd-Ay
 for freebsd-current@freebsd.org; Wed, 23 Dec 2020 13:15:04 +0100
Date: Wed, 23 Dec 2020 13:15:04 +0100
From: Kurt Jaeger <pi@freebsd.org>
To: freebsd-current@freebsd.org
Subject: Re: HEADS UP: FreeBSD src repo transitioning to git this weekend
Message-ID: <X+M0yPrCJ5Rz/V85@home.opsec.eu>
References: <CANCZdfrUsaw5jpN1ybpk0ADXdQYam0_NO0mPJd0-FMbuxPruhw@mail.gmail.com>
 <31ab8015-a0c4-af77-0ead-a17da0f88f1d@freebsd.org>
 <CANCZdfrF0B7uux_neg-4XGn2UCDd4noUm7zP_icHnrpZUgmzzA@mail.gmail.com>
 <CAOtMX2gV2dmyG4b1hZG24sUnqDVk=1pch4xgQmyUdtLrh48kYg@mail.gmail.com>
 <CANCZdfpb0MF+uoW=K3cQpL+3vNQjSBDeVMab5d4JJhUO4sy-2Q@mail.gmail.com>
 <5fdc0b90.1c69fb81.866eb.8c29SMTPIN_ADDED_MISSING@mx.google.com>
 <20201218175241.GA72552@spindle.one-eyed-alien.net>
 <20201218182820.1P0tK%steffen@sdaoden.eu>
 <20201223023242.GG31099@funkthat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20201223023242.GG31099@funkthat.com>
X-Rspamd-Queue-Id: 4D1Bwy0YQWz4n31
X-Spamd-Bar: /
X-Spamd-Result: default: False [0.00 / 15.00];
 ASN(0.00)[asn:12502, ipnet:2001:14f8::/32, country:DE];
 local_wl_from(0.00)[freebsd.org]
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Dec 2020 12:15:14 -0000

Hi!

> It's also hard to collect ALL the keys of the devs at any point in
> time to decide if that key is authorized to sign a commit in the
> repo...

We do have most of the keys in docs/share/pgpkeys/ plus history.

> Like if a dev starts in 2021, any commits made by that
> dev prior to 2021 should not be "valid"..  Then there's also the
> issue that people's keys change over time, and now you need to know
> what time period each key was valid for, otherwise a compromised key
> could be used to insert malicious changes into your/the tree...

If we manage keys plus their history in the doc repo, this seems
to be solved.

-- 
pi@opsec.eu            +49 171 3101372                    Now what ?