On Mon, 2008-02-25 at 13:20 -0500, Ricky Zhou wrote: > > The FAS just needs to be able to access the key someone has signed the > > CLA with, right? Perhaps instead of requiring any particular > > keyserver at all, the sign up could just let the user paste their key? > > Then, with a little bit of pygpgme (or whatever glue you like), add > > that key to an FAS keyring and verify the CLA signature. I could be > > missing something obvious about why the process requires using a > > keyserver, but it seems to me like that requirement could be removed > > without much trouble. > For what it's worth, this would make it way easier to implement from the > pygpgme side. Right now, I don't see any nice mechanism for downloading > keys from the keyserver (although I might just be missing it), and the > current CLA code uses kind of a hack with keyserver-options auto-key-retrieve, > which only works when we're verifying a signature. > We can definitely break the key up with pygpgme - but to be fair downloading keys from the keyserver can be done using hkp. -sv _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
