httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject cvs commit: httpd-dist KEYS
Date Mon, 17 Feb 2003 19:38:57 GMT
jerenkrantz    2003/02/17 11:38:57

  Modified:    .        KEYS
  Oh, wordsmith away.  We don't bite, but let's not tell anyone that.
  Revision  Changes    Path
  1.34      +24 -2     httpd-dist/KEYS
  Index: KEYS
  RCS file: /home/cvs/httpd-dist/KEYS,v
  retrieving revision 1.33
  retrieving revision 1.34
  diff -u -u -r1.33 -r1.34
  --- KEYS	6 Jan 2003 03:09:06 -0000	1.33
  +++ KEYS	17 Feb 2003 19:38:57 -0000	1.34
  @@ -1,6 +1,28 @@
  -This file contains the PGP keys of various Apache developers.
  -Please don't use them for email unless you have asked the owner,
  +This file contains the PGP keys of various developers that work on
  +the Apache HTTP Server and its subprojects.
  +Please don't use these keys for email unless you have asked the owner
   because some keys are only used for code signing.
  +Please realize that this file itself or the public key servers may be
  +compromised.  You are encouraged to validate the authenticity of these keys in
  +an out-of-band manner.  A good start would be face-to-face communication with
  +multiple photo identification confirmations.  Each contributor has their
  +location information available at
  +Since the developers are usually quite busy, you may not immediately find
  +success in someone who is willing to meet face-to-face (they may not even
  +respond to your emails because they are so busy!).  If you do not have a
  +developer nearby or have trouble locating a suitable person, please send an
  +email to the release manager of the release you are attempting to verify.  They
  +may be able to find someone who will be willing to verify their key in a less
  +secure manner (over the phone perhaps).
  +Most of the people in this file have attempted to sign each others' keys
  +(usually with face-to-face validation).  Therefore, in order to enter the web
  +of trust, you should only need to validate one person in this file.  For more
  +information on determining what level of trust works best for you, please see
   Apache users: pgp < KEYS
   Apache developers: 

View raw message