httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@algroup.co.uk>
Subject Re: Fwd: 1.3.1 missing pgp signature
Date Mon, 27 Jul 1998 19:27:13 GMT
Dean Gaudet wrote:
> 
> On Sat, 25 Jul 1998, Ben Laurie wrote:
> 
> > Dean Gaudet wrote:
> > >
> > > I disagree.  Last time I signed a release we got a few dozen emails
> > > indicating I'd done it wrong.  Apparently I wasn't supposed to use the
> > > most recent pgp 5, or some crap like that.  Excuse me, but pgp sucks.
> > > They don't interoperate between versions.  The key servers seem to change
> > > address every couple of months, and there's no damn FAQ that says "here
> > > are the 12 steps to working well with the rest of the world".
> > >
> > > I wasted, and I do mean waste, a day trying to figure it out.  And I
> > > couldn't.  I still can't interoperate with eudora's pgp plugin.  I still
> > > don't know if my key is in the right key servers.  I don't know if my pine
> > > pgp plugin is doing the right thing... the list goes on.
> >
> > It's interesting that everyone seems to have their own area of
> > incompetence. But you do seem to be introducing several red herrings:
> > firstly, key servers; they may have their failings, but so what?
> 
> When I signed one of the 1.3 betas I got several pieces of email asking
> "why isn't your key in the key server?".  So, it's relevant.
> 
> > We
> > don't need them, and they are fairly valueless when it comes to trust
> > anwyay. Eudora and pine plugins? Fascinating, but irrelevant.
> 
> I think it's stupid not to sign the outgoing announcement.
> 
> > All we
> > need is that you can sign a binary, having verified that the binary is
> > correct and that you can put your public key in the public key file.
> > Yes, it'd be nice if you could also sign emails, put your key on key
> > servers and so forth, but completely not needed to sign Apache tarballs.
> 
> Disagree.

OK, I can see that. If you really want to get PGP sorted out, I'd be
more than willing to help. I can't see that PGP 5 is a problem (yeah,
people with 2.x can't interoperate but they can upgrade like the rest of
us), though if you can be bothered generating a key with 2.x then
switching to 5 seems like the way to go these days.

Can't help you with Eudora or pine, though - I don't use them.

Cheers,

Ben.

-- 
Ben Laurie            |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd,     |Apache-SSL author     http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache/

WE'RE RECRUITING! http://www.aldigital.co.uk/recruit/

Mime
View raw message