Return-Path: Delivered-To: apmail-cocoon-dev-archive@www.apache.org Received: (qmail 78436 invoked from network); 23 Oct 2004 00:30:08 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 23 Oct 2004 00:30:08 -0000 Received: (qmail 47954 invoked by uid 500); 23 Oct 2004 00:30:00 -0000 Delivered-To: apmail-cocoon-dev-archive@cocoon.apache.org Received: (qmail 47878 invoked by uid 500); 23 Oct 2004 00:30:00 -0000 Mailing-List: contact dev-help@cocoon.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Reply-To: dev@cocoon.apache.org Delivered-To: mailing list dev@cocoon.apache.org Received: (qmail 47861 invoked by uid 99); 23 Oct 2004 00:29:59 -0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: neutral (hermes.apache.org: local policy) Received: from [81.209.148.130] (HELO dd2020.kasserver.com) (81.209.148.130) by apache.org (qpsmtpd/0.28) with ESMTP; Fri, 22 Oct 2004 17:29:59 -0700 Received: from [192.168.1.2] (pD9E9CB8D.dip0.t-ipconnect.de [217.233.203.141]) by dd2020.kasserver.com (Postfix) with ESMTP id D6BC3147945 for ; Sat, 23 Oct 2004 02:29:55 +0200 (CEST) Message-ID: <4179A6C6.7040409@apache.org> Date: Sat, 23 Oct 2004 02:33:10 +0200 From: Torsten Curdt User-Agent: Mozilla Thunderbird 0.8 (X11/20041012) X-Accept-Language: en-us, en MIME-Version: 1.0 To: dev@cocoon.apache.org Subject: Re: [GT 2004] PGP key signing? References: <20041001030315.M18231@skutsje.san.webweaving.org> <1098456388.22786.370.camel@ighp> <417926B8.30409@apache.org> <1098488965.22790.1054.camel@ighp> In-Reply-To: <1098488965.22790.1054.camel@ighp> X-Enigmail-Version: 0.86.1.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N > Excellent, that will strengthen the ties to the crowd > via Carsten. > http://www.apache.org/~henkp/trust/apache.html Carsten, Sylvain ...looks like you did not yet sign and/or update the keys on pgp.mit.edu? >>What is it for? > > > So that people can verify the integrity of our releases. ...because not everyone knows our keys are at pgp.mit.edu we ship them ...I see > Oh no! I just realised that the Cocoon download page does > not promote the use of keys or md5sum at all. > > See Forrest download for explanation. We investigated lots > of other Apache projects to then build our download facility. > http://forrest.apache.org/mirrors.cgi > > Henk's pages use each project's KEYS file: > > [1] http://www.apache.org/~henkp/trust/apache.html > [2] http://www.apache.org/~henkp/ => Integrity ah... ok! Thanks for the explanation :) -- Torsten