incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erik Abele <e...@codefaktor.de>
Subject Re: ASF Web of Trust [was: Release Distribution Strategy]
Date Sun, 28 Oct 2007 15:15:56 GMT
On 28.10.2007, at 08:57, Niclas Hedhman wrote:

> On Sunday 28 October 2007 06:24, Noel J. Bergman wrote:
>> Perhaps
>> we should add some information on getting into the Web of Trust,  
>> although
>> that is really a general committer item, not Incubator specific.
>
> I am not very security fluent, and perhaps someone could explain to  
> me;
>
> What is the difference of being an Apache committer/Member with the  
> *signed*
> ICLA, which indeed is a legal document, and that other ASF folks  
> has seen
> your driver's license (et al) and signed you into the web of trust?

Um, these two things are totally unrelated.

> From my perspective, the latter is not legally binding and at the  
> most act as
> some form of "someone has identified it to be a real person with that
> name"...

Aye, given that you trust the government-issued doc (like a drivers  
license)...

As BenL always says: "I don't give a shit about some random document,  
that could be faked anyway. All I care about is the email address  
connected to the key I intend to sign - is it really the address of  
the person in question?".

> FWIW, I think ASF should increase the efforts in the ASF Web of  
> Trust, both
> getting more people engaged (like myself, I can't figure out the  
> practical
> details on how to go about it)

Get a key, print the fingerprint and come to an AC and let it sign by  
some other folks - that's it.

See also http://wiki.apache.org/apachecon/PgpKeySigning

> as well as tooling support for verifications.

http://httpd.apache.org/dev/verification.html

Cheers,
Erik

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message