Return-Path: Delivered-To: apmail-httpd-bugs-archive@httpd.apache.org Received: (qmail 14954 invoked by uid 500); 19 Feb 2003 06:06:52 -0000 Mailing-List: contact bugs-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Reply-To: "Apache HTTPD Bugs Notification List" Delivered-To: mailing list bugs@httpd.apache.org Received: (qmail 14939 invoked from network); 19 Feb 2003 06:06:51 -0000 Date: 19 Feb 2003 06:08:34 -0000 Message-ID: <20030219060834.29756.qmail@nagoya.betaversion.org> From: bugzilla@apache.org To: bugs@httpd.apache.org Cc: Subject: DO NOT REPLY [Bug 17119] - serve page under https to facilitate out-of-band contact for pgp fingerprint verification X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17119 serve page under https to facilitate out-of-band contact for pgp fingerprint verification ------- Additional Comments From jerenkrantz@apache.org 2003-02-19 06:08 ------- The reason to distribute the KEYS file at all is to know what keys are the 'right ones' rather than obtaining current signatories for the keys. If you wish to obtain the current list of signatures for a key, you need to consult the public key server. It is unreasonable to expect us to update the keys on a regular basis when people outside of our control may sign our keys and update the key servers without our intervention. (Why they would do it without consulting us is beyond me, but we've had people sign all of our keys whom we don't know.) We're providing the KEYS file as a mechanism for bootstrapping, but that only goes so far. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org For additional commands, e-mail: bugs-help@httpd.apache.org