incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gilles Scokart" <gscok...@gmail.com>
Subject Re: enforced signing of artifacts, [was maven repository]
Date Mon, 02 Jun 2008 06:58:36 GMT
2008/5/31 Noel J. Bergman <noel@devtech.com>:

> Implement that, and we're fine.  We will
> require Incubator artifacts to be signed by a designated key available to
> the PMC, and once a user has acknowledged that they accept such Incubator
> signed artifacts, maven can do what it wants with them.
>
>        --- Noel
>

Is that really possible?  I remember some discussion on the infra list
about an ASF wide signature.  And the conclusion was always the same :
how to secure a key that can be used by so many people.  If I remember
well, some solution were proposed, but they were quiet heavy.
Do we have a solution for that?



-- 
Gilles Scokart

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message