Hello,

as you know do you not only have to sign your package but also use a
fully trusted key for this. There are a few developers and trusted users
which are no longer able to publish packages due to this policy. I would
suggest we set them as "inactive" in archweb, disable their ssh access
and orphan their packages and bug reports. Don't get me wrong though; I
don't want to kick anybody out and I'd be more than happy to welcome any
of those back to our team. But if people are (temporary) inactive we
need to know.

Here is a list of people which didn't upload a gpg key to archweb at
all. The had several months to do so and didn't reply to an additional
mail I had sent in November last year.

Dale Blount
Aaron Griffin
Tobias Kieslich
Paul Mattal
Mateusz Herych
Imanol Celaya

The following people have a key but it is not fully trusted. That means
their keys are not signed by at least three master keys.

Kaiting Chen
Kevin Piche
Vesa Kaihlavirta

If anybody know anything about the status of these fellow let me know.
The first group can be set to inactive right away imho. I already talked
to Vesa and he promised to get the missing signature soon.

Finally I'd also like to encourage everyone to get all five master key
signatures even if three are technically sufficient for now.

Greetings,

Pierre

--
Pierre Schmitz, http://pierre-schmitz.com

On 20/02/12 03:15, Pierre Schmitz wrote:
> Hello,
>
> as you know do you not only have to sign your package but also use a
> fully trusted key for this. There are a few developers and trusted users
> which are no longer able to publish packages due to this policy. I would
> suggest we set them as "inactive" in archweb, disable their ssh access
> and orphan their packages and bug reports. Don't get me wrong though; I
> don't want to kick anybody out and I'd be more than happy to welcome any
> of those back to our team. But if people are (temporary) inactive we
> need to know.
>
> Here is a list of people which didn't upload a gpg key to archweb at
> all. The had several months to do so and didn't reply to an additional
> mail I had sent in November last year.
>
> Dale Blount
> Aaron Griffin
> Tobias Kieslich
> Paul Mattal
> Mateusz Herych
> Imanol Celaya
>
> The following people have a key but it is not fully trusted. That means
> their keys are not signed by at least three master keys.
>
> Kaiting Chen
> Kevin Piche
> Vesa Kaihlavirta
>
> If anybody know anything about the status of these fellow let me know.
> The first group can be set to inactive right away imho. I already talked
> to Vesa and he promised to get the missing signature soon.

Ack. I sent them all two emails to get their key signed too. None of
those are that surprising. Probably should keep ssh access for Aaron
as I believe he pops in once in a while even though he does not

Allan

On 20/02/12 09:25, Allan McRae wrote:
> On 20/02/12 03:15, Pierre Schmitz wrote:
>> Hello,
>>
>> as you know do you not only have to sign your package but also use a
>> fully trusted key for this. There are a few developers and trusted users
>> which are no longer able to publish packages due to this policy. I would
>> suggest we set them as "inactive" in archweb, disable their ssh access
>> and orphan their packages and bug reports. Don't get me wrong though; I
>> don't want to kick anybody out and I'd be more than happy to welcome any
>> of those back to our team. But if people are (temporary) inactive we
>> need to know.
>>
>> Here is a list of people which didn't upload a gpg key to archweb at
>> all. The had several months to do so and didn't reply to an additional
>> mail I had sent in November last year.
>>
>> Dale Blount
>> Aaron Griffin
>> Tobias Kieslich
>> Paul Mattal
>> Mateusz Herych
>> Imanol Celaya
>>
>> The following people have a key but it is not fully trusted. That means
>> their keys are not signed by at least three master keys.
>>
>> Kaiting Chen
>> Kevin Piche
>> Vesa Kaihlavirta
>>
>> If anybody know anything about the status of these fellow let me know.
>> The first group can be set to inactive right away imho. I already talked
>> to Vesa and he promised to get the missing signature soon.
>
> Ack. I sent them all two emails to get their key signed too. None of
> those are that surprising. Probably should keep ssh access for Aaron
> as I believe he pops in once in a while even though he does not

package...

> Allan
>
>

Am 19.02.2012 18:15, schrieb Pierre Schmitz:
> The following people have a key but it is not fully trusted. That means
> their keys are not signed by at least three master keys.
>
> Kaiting Chen
> Kevin Piche
> Vesa Kaihlavirta

Vesa has now a fully trusted key. There was no response from neither
Kevin nor Kaiting and they both have a key which isn't signed by anybody
else. Any objections to set them inactive as well?

Greetings,

Pierre

--
Pierre Schmitz, http://pierre-schmitz.com

On 26/02/12 04:15, Pierre Schmitz wrote:
> Am 19.02.2012 18:15, schrieb Pierre Schmitz:
>> The following people have a key but it is not fully trusted. That means
>> their keys are not signed by at least three master keys.
>>
>> Kaiting Chen
>> Kevin Piche
>> Vesa Kaihlavirta
>
> Vesa has now a fully trusted key. There was no response from neither
> Kevin nor Kaiting and they both have a key which isn't signed by anybody
> else. Any objections to set them inactive as well?
>

Do it.

On 06/04/12 13:46, K. Piche wrote:
> On Sun, 2012-02-26 at 07:56 +1000, Allan McRae wrote:
>> On 26/02/12 04:15, Pierre Schmitz wrote:
>>> Am 19.02.2012 18:15, schrieb Pierre Schmitz:
>>>> The following people have a key but it is not fully trusted. That means
>>>> their keys are not signed by at least three master keys.
>>>>
>>>> Kaiting Chen
>>>> Kevin Piche
>>>> Vesa Kaihlavirta
>>>
>>> Vesa has now a fully trusted key. There was no response from neither
>>> Kevin nor Kaiting and they both have a key which isn't signed by anybody
>>> else. Any objections to set them inactive as well?
>>>
>>
>> Do it.
>
> Interesting. I've only received an email from Pierre about key signing.
> Unfortunately I've forgotten my passphrase anyways so would have to
> create another key. I'll setup another one on the keyserv and contact
> the master signers.
>

I email kevin @ archlinux. If that no longer forwards somewhere useful
then you should change you email address on your developer profile (once
it is reinstated).

Allan

On Sun, 2012-02-26 at 07:56 +1000, Allan McRae wrote:
> On 26/02/12 04:15, Pierre Schmitz wrote:
> > Am 19.02.2012 18:15, schrieb Pierre Schmitz:
> >> The following people have a key but it is not fully trusted. That means
> >> their keys are not signed by at least three master keys.
> >>
> >> Kaiting Chen
> >> Kevin Piche
> >> Vesa Kaihlavirta
> >
> > Vesa has now a fully trusted key. There was no response from neither
> > Kevin nor Kaiting and they both have a key which isn't signed by anybody
> > else. Any objections to set them inactive as well?
> >
>
> Do it.

Interesting. I've only received an email from Pierre about key signing.
Unfortunately I've forgotten my passphrase anyways so would have to
create another key. I'll setup another one on the keyserv and contact
the master signers.

k


--
K. Piche <kpiche@rogers.com>