forrest-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Brondsema <d...@brondsema.net>
Subject Re: PGP keys (Was: svn commit: rev 53859)
Date Wed, 06 Oct 2004 23:48:56 GMT
David Crossley wrote:
> Dave Brondsema wrote:
> 
>>Quoting David Crossley:
>>
>>
>>>>Author: brondsem
>>>>Date: Wed Oct  6 04:48:04 2004
>>>>New Revision: 53859
>>>>
>>>>Modified:
>>>>   forrest/trunk/KEYS
>>>>Log:
>>>>update my key with signatures after the ohio linuxfest
>>>
>>>One thing i have never understood. Do we really need
>>>to list all the actual names and addresses of people
>>>that have signed our key? I did add my list. Should i?
>>>
>>>Looking around the other projects, i see that some do
>>>and some do not.
>>
>>Everything, including the keys themselves can be fetched from a keyserver.  I
>>guess the point of having a KEYS file in the first place is just for
>>convenience.  I don't see any significant difference either way.
> 
> 
> Maybe i wasn't clear. We need the KEYS file itself
> with the keys of each PMC member. Otherwise it would
> be difficult for people to know who are the actual
> people involved. Rather i was wondering why we need
> the lists of email addresses as well as the keys
> in that KEYS file.
> 

All we really need is the ascii-armored public key block.  The owner 
email address and signer's email addresses are just for convenience. 
I'd be fine with removing the list of signers since that is a lot to 
scroll past.  We should keep the owners email address though.

Strictly speaking, we don't need the KEYS file at all.  If we create a 
signature file with appended signatures from each of us, then running 
verify will tell the user which keys were used.  If they don't have 
those keys in their keyring they can download them from the keyserver.


-- 
Dave Brondsema : dave@brondsema.net
http://www.splike.com : programming
http://csx.calvin.edu : student org
http://www.brondsema.net : personal

Mime
View raw message