forrest-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Crossley <cross...@apache.org>
Subject Re: PGP keys
Date Thu, 07 Oct 2004 00:29:15 GMT
Dave Brondsema wrote:
> 
> All we really need is the ascii-armored public key block.  The owner 
> email address and signer's email addresses are just for convenience. 
> I'd be fine with removing the list of signers since that is a lot to 
> scroll past.  We should keep the owners email address though.

Okay, we should do that.

> Strictly speaking, we don't need the KEYS file at all.  If we create a 
> signature file with appended signatures from each of us, then running 
> verify will tell the user which keys were used.  If they don't have 
> those keys in their keyring they can download them from the keyserver.

That sounds a lot smoother. We just need to document that
process on our download page and in docs. I suggest that
we retain the KEYS file for this release because we are too
close to our release date. For the next release we could do
as you suggest and follow up on Dirk's suggestion.
 
-- 
David Crossley


Mime
View raw message