From general-return-16276-apmail-incubator-general-archive=incubator.apache.org@incubator.apache.org Sun Oct 28 15:16:29 2007 Return-Path: Delivered-To: apmail-incubator-general-archive@www.apache.org Received: (qmail 63497 invoked from network); 28 Oct 2007 15:16:29 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 28 Oct 2007 15:16:29 -0000 Received: (qmail 25789 invoked by uid 500); 28 Oct 2007 15:16:15 -0000 Delivered-To: apmail-incubator-general-archive@incubator.apache.org Received: (qmail 25631 invoked by uid 500); 28 Oct 2007 15:16:15 -0000 Mailing-List: contact general-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: general@incubator.apache.org Delivered-To: mailing list general@incubator.apache.org Received: (qmail 25620 invoked by uid 99); 28 Oct 2007 15:16:15 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 28 Oct 2007 08:16:15 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of erik@codefaktor.de designates 62.75.252.62 as permitted sender) Received: from [62.75.252.62] (HELO mail.eatc.de) (62.75.252.62) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 28 Oct 2007 15:16:24 +0000 Received: from [10.0.1.3] (p4FD2F3C4.dip.t-dialin.net [79.210.243.196]) by mail.eatc.de (Postfix) with ESMTP id DBD7013C42 for ; Sun, 28 Oct 2007 16:15:56 +0100 (CET) Mime-Version: 1.0 (Apple Message framework v752.3) In-Reply-To: <200710281557.34469.niclas@hedhman.org> References: <200710281557.34469.niclas@hedhman.org> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: Content-Transfer-Encoding: 7bit From: Erik Abele Subject: Re: ASF Web of Trust [was: Release Distribution Strategy] Date: Sun, 28 Oct 2007 16:15:56 +0100 To: general@incubator.apache.org X-Mailer: Apple Mail (2.752.3) X-Virus-Checked: Checked by ClamAV on apache.org On 28.10.2007, at 08:57, Niclas Hedhman wrote: > On Sunday 28 October 2007 06:24, Noel J. Bergman wrote: >> Perhaps >> we should add some information on getting into the Web of Trust, >> although >> that is really a general committer item, not Incubator specific. > > I am not very security fluent, and perhaps someone could explain to > me; > > What is the difference of being an Apache committer/Member with the > *signed* > ICLA, which indeed is a legal document, and that other ASF folks > has seen > your driver's license (et al) and signed you into the web of trust? Um, these two things are totally unrelated. > From my perspective, the latter is not legally binding and at the > most act as > some form of "someone has identified it to be a real person with that > name"... Aye, given that you trust the government-issued doc (like a drivers license)... As BenL always says: "I don't give a shit about some random document, that could be faked anyway. All I care about is the email address connected to the key I intend to sign - is it really the address of the person in question?". > FWIW, I think ASF should increase the efforts in the ASF Web of > Trust, both > getting more people engaged (like myself, I can't figure out the > practical > details on how to go about it) Get a key, print the fingerprint and come to an AC and let it sign by some other folks - that's it. See also http://wiki.apache.org/apachecon/PgpKeySigning > as well as tooling support for verifications. http://httpd.apache.org/dev/verification.html Cheers, Erik --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org For additional commands, e-mail: general-help@incubator.apache.org