Re: HEADS UP: FreeBSD src repo transitioning to git this weekend

From: Kurt Jaeger <pi_at_freebsd.org>
Date: Wed, 23 Dec 2020 13:15:04 +0100
Hi!

> It's also hard to collect ALL the keys of the devs at any point in
> time to decide if that key is authorized to sign a commit in the
> repo...

We do have most of the keys in docs/share/pgpkeys/ plus history.

> Like if a dev starts in 2021, any commits made by that
> dev prior to 2021 should not be "valid"..  Then there's also the
> issue that people's keys change over time, and now you need to know
> what time period each key was valid for, otherwise a compromised key
> could be used to insert malicious changes into your/the tree...

If we manage keys plus their history in the doc repo, this seems
to be solved.

-- 
pi_at_opsec.eu            +49 171 3101372                    Now what ?
Received on Wed Dec 23 2020 - 11:15:14 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:26 UTC