incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rahul Akolkar" <rahul.akol...@gmail.com>
Subject Re: Some help with Lucene.Net release
Date Sun, 18 Mar 2007 16:07:46 GMT
On 3/18/07, Gwyn Evans <gwyn.evans@gmail.com> wrote:
<snip/>
>
> The critical bit is getting the key fingerprint in a way where the
> provider's identity can be verified...
>
<snap/>

Somewhat mitigated by listing your fingerprint here [1]. So having
your key on a couple of the prominent key servers and listing the
fingerprint on community central is a good start within our community.
For users, obtaining the KEYS and sigs from the Apache /dist space
(rather than a mirror) -- as we recommend -- reduces chances of
mischief.

All this works OK based on the assumption that none of these ASF
resources are bungled or compromised.

So, to answer the first question below: Not a must.

-Rahul

[1] http://people.apache.org/


> /Gwyn
>
> On 18/03/07, George Aroush <george@aroush.net> wrote:
> > Thanks Bertrand!
> >
> > All: must the key be signed by someone other then me?  If so, can someone
> > from ASF do so?
> >
> > Thanks.
> >
> > -- George
> >
<snip/>

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message