beam-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Halperin (JIRA)" <>
Subject [jira] [Created] (BEAM-488) Remove KEYS file
Date Tue, 26 Jul 2016 06:23:20 GMT
Daniel Halperin created BEAM-488:

             Summary: Remove KEYS file
                 Key: BEAM-488
             Project: Beam
          Issue Type: Task
          Components: project-management
    Affects Versions: Not applicable
            Reporter: Daniel Halperin
            Assignee: Daniel Halperin

> Bundling PGP keys inside a package is worse than worthless -- an attacker can
just bundle spoofed keys with a bogus distro!  Keys need to be made available
from a highly reliable, separate server: Download the main package from a
mirror, get PGP keys from,, etc. and verify.
> The KEYS file within the Beam source tree should be deleted.

This message was sent by Atlassian JIRA

View raw message