Received: (from majordom@localhost) by hyperreal.com (8.8.4/8.8.4) id NAA28322; Thu, 17 Apr 1997 13:11:27 -0700 (PDT) Received: from eastwood.aldigital.algroup.co.uk (eastwood.aldigital.algroup.co.uk [194.128.162.193]) by hyperreal.com (8.8.4/8.8.4) with SMTP id NAA28053 for ; Thu, 17 Apr 1997 13:10:44 -0700 (PDT) Received: from gonzo.ben.algroup.co.uk (gonzo.ben.algroup.co.uk [193.133.15.1]) by eastwood.aldigital.algroup.co.uk (8.6.12/8.6.12) with SMTP id UAA18502 for ; Thu, 17 Apr 1997 20:10:00 GMT Subject: Re: [STATUS] Sun Apr 13 19:08:09 PDT 1997 To: new-httpd@apache.org Date: Thu, 17 Apr 1997 21:04:45 +0100 (BST) From: Ben Laurie In-Reply-To: <97041714533564@decus.org> from "Rodent of Unusual Size" at Apr 17, 97 02:53:35 pm X-Mailer: ELM [version 2.4 PL24 PGP2] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-ID: <9704172104.aa08320@gonzo.ben.algroup.co.uk> Sender: new-httpd-owner@apache.org Precedence: bulk Reply-To: new-httpd@apache.org Rodent of Unusual Size wrote: > > From the fingers of Rodent of Unusual Size flowed the following: > > > >From the fingers of Dean Gaudet flowed the following: > >> > >>Contrib stuff / future: > >> > >> * Start digital signing the distributions. > > > > Should we start this with 1.2? Just for grins, I created a keypair > > for "The Apache Group", but it's unclear how to distribute the > > secret key (or to whom). Via file on Taz..? > > No comment from anyone; maybe it didn't make it to the list > properly? (Or is it just too boring? ;-) Not too boring ... too tricky, I suspect! Clearly, the secret key must be distributed secretly, or it isn't secret. But doesn't it make more sense to have a list of people whose keys are good for signing Apache? Cheers, Ben. -- Ben Laurie Phone: +44 (181) 994 6435 Email: ben@algroup.co.uk Freelance Consultant and Fax: +44 (181) 994 6472 Technical Director URL: http://www.algroup.co.uk/Apache-SSL A.L. Digital Ltd, Apache Group member (http://www.apache.org) London, England. Apache-SSL author