incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: status of PGP support in Maven
Date Mon, 15 Sep 2008 14:40:53 GMT
Brett Porter wrote:
> 
> For the releases to be identified as from the incubator, they'll need to be
> signed solely by "the incubator". Did you want to elaborate on how you
> anticipated that set up working?

With PGP it's a web of trust.  Any ASF-role key would never be used to sign
any artifact.  Ideally, ASF-key would sign incubator key, incubator key
would sign Jane's key, Jane would RM and sign with her own key, and the web
of trust satisfies the trust requirement.

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message