httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <jos...@slive.ca>
Subject Re: Bad key from your id on Apache Windows Binary
Date Mon, 05 Mar 2007 16:12:11 GMT
On 3/4/07, Russ Austin <austin.russ@gmail.com> wrote:

>
> "I notice it says bad key, not bad signature.  Interesting.
>
> It's a web of trust, now that you trust me, you trust those who's keys
> I've signed.  Since you trusted nobody, you had no trust link to me.
>
> The instructions probably deserve another look, perhaps ping the list
> docs@httpd.apache.org to explain your story and ask for some clarification
> be added to those instructions :)

You might want to read this page:
http://httpd.apache.org/dev/verification.html
which is linked from the download page.

It explains the web-of-trust thing in a little more detail.

In general, for the average downloader, establishing a trust
relationship to the signer is going to be pretty difficult.  If you
trust apache.org, then just verifying the md5 signature is enough.  If
you don't trust apache.org (and really, you shouldn't), you'll need to
find some out-of-band way to verify either the md5 or the pgp key.

Joshua.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message