incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Querna <c...@force-elite.com>
Subject Re: status of PGP support in Maven
Date Thu, 25 Sep 2008 01:22:59 GMT
William A. Rowe, Jr. wrote:
> Henning Schmiedehausen wrote:
>> So you assume that that www.apache.org can not be hacked? What if a
>> signing key *IS* in KEYS but not signed by anyone (because the developer
>> has never attended an Apache key signing event)?
> 
> No, I answered your question.
> 
> W.r.t. www.apache.org/dist/{tlp}/KEYS, we have a serious issue to address,
> because it's not https: accessible so cannot be trusted.  Yes, it's quite
> possible to fetch https://svn.apache.org/repos/asf/{tlp}/{code}/trunk/KEYS
> but that's not what we suggest, and suboptimal to boot.

Open an infrastructure JIRA ticket and I'll figure out getting https:// 
on www.apache.org sooner or later.

Thanks,

Paul

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message