commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Henri Yandell" <flame...@gmail.com>
Subject Re: [all] MD5 and PGP generation [Was: [feedparser] News / Status]
Date Fri, 03 Mar 2006 01:17:03 GMT
On 3/2/06, Simon Kitching <skitching@apache.org> wrote:
> On Thu, 2006-03-02 at 14:50 -0800, Henri Yandell wrote:
> > > > We're not supposed to be using the pgp on minotaur; so my TODO is to
> > > > figure out how to get my key off of there, hope I still know the
> > > > passphrase,
> > >
> > > i hope so too :)
> > >
> > > there are various ways to export the key but copying the files should
> > > work fine too.
> >
> > Advice is to revoke it - as who knows what you evil buggers have been
> > doing to it :)
>
> It's not because people with access to minotaur are untrustworthy that
> keys shouldn't be there :-)

That was one of the reasons I was given :)

> It's that if the key is on there, someone who hacks that machine has
> *both* the key *and* the ability to publish what would seem to be
> "official" releases.

The solution to that is easy though. Two apache machines. So must be
more than that.

Hen

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org


Mime
View raw message