[csw-maintainers] [policy] GPG Signing Key handling

Philip Brown phil at bolthole.com
Tue Feb 15 04:22:44 CET 2011


On Mon, Feb 14, 2011 at 6:57 PM, Ben Walton <bwalton at opencsw.org> wrote:
> Excerpts from Ben Walton's message of Tue Feb 08 20:44:28 -0500 2011:
>
> Proposed revision:
>
> The GPG signing key is an important asset for OpenCSW.  It is
> currently held by the release manager (a member) and backup release
> manager (a non-member), but by no members of the board.

Suggested edit:

... and backup release manager (currently a maintainer, but not a
voting "member") ...


>
> As a member of OpenCSW, you are asked to make three yes or no
> selections, one per board position, to indicate which, if any, of the
> board positions you feel should hold a copy of the key.  Please
> consider that once a person holds the key, there is no way to
> officially revoke it from that member on change of office, short of
> revoking the key.


Proposed additions:

"Please consider..."
should start its own paragraph, to improve visibility.
It should also explicitly mention at the end, "this would require all
users of OpenCSW who use GPG validation to be aware of the change
and download a new key".

