Return-Path: Delivered-To: apmail-httpd-docs-archive@www.apache.org Received: (qmail 72342 invoked from network); 5 Mar 2007 16:12:38 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 5 Mar 2007 16:12:38 -0000 Received: (qmail 54119 invoked by uid 500); 5 Mar 2007 16:12:46 -0000 Delivered-To: apmail-httpd-docs-archive@httpd.apache.org Received: (qmail 54034 invoked by uid 500); 5 Mar 2007 16:12:46 -0000 Mailing-List: contact docs-help@httpd.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: docs@httpd.apache.org List-Id: Delivered-To: mailing list docs@httpd.apache.org Received: (qmail 54023 invoked by uid 99); 5 Mar 2007 16:12:46 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 05 Mar 2007 08:12:46 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: domain of jslive@gmail.com designates 64.233.162.239 as permitted sender) Received: from [64.233.162.239] (HELO nz-out-0506.google.com) (64.233.162.239) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 05 Mar 2007 08:12:35 -0800 Received: by nz-out-0506.google.com with SMTP id x7so1607464nzc for ; Mon, 05 Mar 2007 08:12:15 -0800 (PST) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=DcfK9j+LX3vIRcnHWHvfXOXegYZI8NZAD+F8M7In41Vl4J88Qaas+tY6xgLHrbeKndiaJPcIRAv3qAPQfHQPNuHAO4Ipf/Yxn9peKwSCk19FeSJBX+nSidxQTIfp0NIh0df4arjw1CoELMxZp/GLb3PxyC2d8uciJ9G88EWjCUQ= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=NdhPHU1S9XMNeFhUmwS0RB0wsELzn4xVzBYlU7LRBQHfy+8PESyfR4wDJ3xAzOYeTJzBIb0fRoamzoOcP1f2MsLe1IT8BUNVfSg40oBAQXByQgoHjfJ9pXbUmn4DzRtkVov7wTVVg4kATm8VbrCJgWWiC3k/TaxoBrK5BXB4ZOE= Received: by 10.114.205.1 with SMTP id c1mr1305006wag.1173111131835; Mon, 05 Mar 2007 08:12:11 -0800 (PST) Received: by 10.114.131.4 with HTTP; Mon, 5 Mar 2007 08:12:11 -0800 (PST) Message-ID: Date: Mon, 5 Mar 2007 11:12:11 -0500 From: "Joshua Slive" Sender: jslive@gmail.com To: docs@httpd.apache.org Subject: Re: Bad key from your id on Apache Windows Binary In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <45E0F3E3.8010004@rowe-clan.net> <45E2103B.5000106@rowe-clan.net> X-Google-Sender-Auth: e4c42bca53ed1678 X-Virus-Checked: Checked by ClamAV on apache.org On 3/4/07, Russ Austin wrote: > > "I notice it says bad key, not bad signature. Interesting. > > It's a web of trust, now that you trust me, you trust those who's keys > I've signed. Since you trusted nobody, you had no trust link to me. > > The instructions probably deserve another look, perhaps ping the list > docs@httpd.apache.org to explain your story and ask for some clarification > be added to those instructions :) You might want to read this page: http://httpd.apache.org/dev/verification.html which is linked from the download page. It explains the web-of-trust thing in a little more detail. In general, for the average downloader, establishing a trust relationship to the signer is going to be pretty difficult. If you trust apache.org, then just verifying the md5 signature is enough. If you don't trust apache.org (and really, you shouldn't), you'll need to find some out-of-band way to verify either the md5 or the pgp key. Joshua. --------------------------------------------------------------------- To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org For additional commands, e-mail: docs-help@httpd.apache.org