
Re: GPG key for signing Subversion releases?

From: Justin Erenkrantz <justin_at_erenkrantz.com>
Date: 2004-03-17 19:04:01 CET

--On Wednesday, March 17, 2004 10:42 AM -0600 kfogel@collab.net wrote:

> However, I was just talking to Sander Striker in IRC today, and he had
> some objections to using a shared key. So, Sander, please follow up.
>
> Then I was talking to Ben Reser, who had some defenses of the plan.
> So Ben, please follow up (but maybe wait for Sander, so we get a nice
> point/counterpoint pattern going, can sell tickets to spectators, etc).

FWIW, over in httpd-land, each RM signs the key with their own personal
key. However, those keys are signed by almost everyone else in the project
and we hold key-signing events at most conferences. The point of the key
is to have it verified with the individual end-users (i.e. a path in the
web of trust from the RM to the end-user), not whether it verifies
successfully.

Having a 'shared' key presents some security challenges in trying to keep
it safe from compromise. And, how do you verify that key - it's a group
key not tied to a person? Whoever needs to create a release needs that
key to sign with... This is predicated on the hope that we'll move to a
rotating RM in the future. We're not there yet because the process isn't
there yet.

Personally, I'd vote for just having the RM sign it with their personal key
and increasing the number of signatures on all of the RM's keys. -- justin

Received on Wed Mar 17 19:03:50 2004
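
The distinction drawn in the mail above, between a signature that merely verifies and a signing key the end-user can reach through the web of trust, shown as an added example that is not part of the original mail. The key names, the certification graph and the hop limit are all constructed assumptions.

```python
from collections import deque

# Constructed sample data (not real keys). Each entry maps a signer's key to
# the keys it has certified, e.g. at a key-signing event.
CERTIFICATIONS = {
    "user": {"alice"},
    "alice": {"bob", "carol"},
    "bob": {"rm_personal"},
    "carol": {"rm_personal"},
    "rm_personal": {"alice"},
}


def trust_path(certs, start, target, max_hops=5):
    """Return the shortest chain of certifications from start to target,
    or None if no chain of at most max_hops certifications exists."""
    queue = deque([[start]])
    seen = {start}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        if len(path) - 1 >= max_hops:  # hop limit is an assumption
            continue
        for signed in sorted(certs.get(path[-1], ())):
            if signed not in seen:
                seen.add(signed)
                queue.append(path + [signed])
    return None


def assess(certs, verifier, signing_key, signature_ok):
    """Keep 'the signature checks out' separate from 'the key is reachable'."""
    if not signature_ok:
        return "bad signature"
    path = trust_path(certs, verifier, signing_key)
    if path is None:
        return "valid signature, no trust path"
    return "valid signature, trusted via " + " -> ".join(path)


if __name__ == "__main__":
    # An RM key certified by other project members is reachable from the user.
    print(assess(CERTIFICATIONS, "user", "rm_personal", True))
    # A key nobody has certified still yields a valid signature, but no path.
    print(assess(CERTIFICATIONS, "user", "uncertified_key", True))
```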

This is an archived mail posted to the Subversion Dev mailing list.