Return-Path: Delivered-To: apmail-jakarta-commons-dev-archive@www.apache.org Received: (qmail 13496 invoked from network); 5 Mar 2006 16:33:26 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 5 Mar 2006 16:33:26 -0000 Received: (qmail 53119 invoked by uid 500); 5 Mar 2006 16:34:10 -0000 Delivered-To: apmail-jakarta-commons-dev-archive@jakarta.apache.org Received: (qmail 53083 invoked by uid 500); 5 Mar 2006 16:34:10 -0000 Mailing-List: contact commons-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Help: List-Post: List-Id: "Jakarta Commons Developers List" Reply-To: "Jakarta Commons Developers List" Delivered-To: mailing list commons-dev@jakarta.apache.org Received: (qmail 53072 invoked by uid 99); 5 Mar 2006 16:34:10 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 05 Mar 2006 08:34:10 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: domain of sebbaz@gmail.com designates 64.233.182.206 as permitted sender) Received: from [64.233.182.206] (HELO nproxy.gmail.com) (64.233.182.206) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 05 Mar 2006 08:34:09 -0800 Received: by nproxy.gmail.com with SMTP id x37so751479nfc for ; Sun, 05 Mar 2006 08:33:45 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=d87yTpY7q3o/MT2etbxl8gJQTnyEnqGsgGCL9aY/7RNUefaZhpnpRlW/FQBOzOShKvXQK28AVB2vS4KioWY0y23Kkya79xsaYMGAggsjj8vtd5UTaZTCexpXvLAJcLvUU4BEjxzIFMxddFkHgQfpq+uTsd8GRmGCiwdUb1nyXzo= Received: by 10.49.41.4 with SMTP id t4mr2014247nfj; Sun, 05 Mar 2006 08:33:45 -0800 (PST) Received: by 10.48.108.18 with HTTP; Sun, 5 Mar 2006 08:33:45 -0800 (PST) Message-ID: <25aac9fc0603050833m1acd5c10x@mail.gmail.com> Date: Sun, 5 Mar 2006 16:33:45 +0000 From: sebb To: "Jakarta Commons Developers List" Subject: Re: [all] MD5 and PGP generation [Was: [feedparser] News / Status] In-Reply-To: <31cc37360603021717y76631adcxad00de077ac8a6f3@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <25aac9fc0603021052g5dd3ba6ex@mail.gmail.com> <8a81b4af0603021150g532e9258ge8002bd25df76778@mail.gmail.com> <31cc37360603021403q1fe72954p8568507c7bace3c9@mail.gmail.com> <1141339776.5040.60.camel@knossos.elmet> <31cc37360603021450j4fdbb99en3a1a7399306bc168@mail.gmail.com> <1141346412.3851.19.camel@localhost.localdomain> <31cc37360603021717y76631adcxad00de077ac8a6f3@mail.gmail.com> X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N On 03/03/06, Henri Yandell wrote: > On 3/2/06, Simon Kitching wrote: > > On Thu, 2006-03-02 at 14:50 -0800, Henri Yandell wrote: > > > > > We're not supposed to be using the pgp on minotaur; so my TODO is= to > > > > > figure out how to get my key off of there, hope I still know the > > > > > passphrase, > > > > > > > > i hope so too :) > > > > > > > > there are various ways to export the key but copying the files shou= ld > > > > work fine too. > > > > > > Advice is to revoke it - as who knows what you evil buggers have been > > > doing to it :) > > > > It's not because people with access to minotaur are untrustworthy that > > keys shouldn't be there :-) > > That was one of the reasons I was given :) > > > It's that if the key is on there, someone who hacks that machine has > > *both* the key *and* the ability to publish what would seem to be > > "official" releases. > > The solution to that is easy though. Two apache machines. So must be > more than that. If releases are signed on committers private machines, then this is more than two machines ... and each private machine will only have a few private keys on it. By the by, generating the signing keys with a short life-span (1-2 years) should help protect in the long term. --------------------------------------------------------------------- To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org For additional commands, e-mail: commons-dev-help@jakarta.apache.org