httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <minf...@sharp.fm>
Subject Re: please sign new apache releases only with strong keys -- trimming the KEYS file
Date Tue, 31 Dec 2013 18:19:45 GMT
On 31 Dec 2013, at 20:07, Issac Goldstand <margol@beamartyr.net> wrote:

> Not in this case.  Revoking would be a statement by the key owner that
> the key is no good (something that would probably be smart to do, but at
> the same time way out of the PMC's control).  Pruning the KEYS file is a
> statement by the PMC about what keys the PMC authorizes to sign artifacts.

It is also a statement of what keys have historically been used to sign past artifacts, and
that is just as important.

Regards,
Graham
--


Mime
View raw message