[csw-maintainers] [policy] GPG Signing Key handling

[Philip Brown]

On Mon, Feb 14, 2011 at 5:19 PM, Ben Walton <bwalton at opencsw.org> wrote:
> Excerpts from Ben Walton's message of Tue Feb 08 20:44:28 -0500 2011:
>
> Hi Maciej,
>
> Would you please initiate a ballotbin vote for this?  I didn't see any
> requests to alter the wording or any other tweaks, so the text below
> should be ok.


Odd... I thought my emails were fairly clear in indicating that the
existing wording did not adequately describe the situation


So let me be explicit, with 2 wording change requests to it, to
reiterate what I have already said in this email, yet has not been
acknowleged in the wording :(


1. Please mention that the key is already redundantly held, by two
people, not just one.
2. Please mention issues around the fact that once a person has the
key, they RETAIN THE KEY, even after their period of office is over,
unless we decide to revoke the key's validity globally, and thus force
all of our users to get a new key for us.

Additional:
It also may be helpful to explicitly add a "the existing key holders
are adequate" vote option
People who read hurriedly, may assume that it is somehow required to
vote for at least one of those three.


>
>> The GPG signing key is an important asset for OpenCSW.  As a member of
>> OpenCSW, you are asked to make three yes or no selections, one per
>> board position, to indicate which, if any, of the board positions you
>> feel should hold a copy of the key.  Selecting yes for a position
>> indicates that you feel this position (and consequently the person
>> holding this position from year to year) should be responsible for
>> holding a copy of the key.  Selecting no indicates that you do not
>> want this position to hold the key.
>>
>> Question 1: Should the Secretary position hold the key?  yes/no
>> Question 2: Should the Treasurer position hold the key?  yes/no
>> Question 3: Should the President position hold the key?  yes/no