cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Crossley <cross...@apache.org>
Subject Re: [GT 2004] PGP key signing?
Date Fri, 22 Oct 2004 23:49:29 GMT
Torsten Curdt wrote:
> > So how did the key signing go at the GetTogether?
> 
> Did go well :-)
> 
> At least Bertrand, Carsten, Marcus, Sylvain and me signed keys.

Excellent, that will strengthen the ties to the crowd
via Carsten.
http://www.apache.org/~henkp/trust/apache.html

> > Did you also update the KEYS file in our cocoon SVN?
> 
> Ups ...didn't know we have such a file :-)
> 
> What is it for?

So that people can verify the integrity of our releases.

Oh no! I just realised that the Cocoon download page does
not promote the use of keys or md5sum at all.

See Forrest download for explanation. We investigated lots
of other Apache projects to then build our download facility.
http://forrest.apache.org/mirrors.cgi

Henk's pages use each project's KEYS file:

[1] http://www.apache.org/~henkp/trust/apache.html
[2] http://www.apache.org/~henkp/ => Integrity

-- 
David Crossley


Mime
View raw message