incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mattmann, Chris A (388J)" <>
Subject Re: KEYS and releases
Date Tue, 28 Jun 2011 03:25:51 GMT
Hey Hyrum,



On Jun 27, 2011, at 7:24 PM, Hyrum K Wright wrote:

> On Mon, Jun 27, 2011 at 4:59 PM, Mattmann, Chris A (388J)
> <> wrote:
>> Yep, makes sense. Like I told Benson, I wasn't exactly sure if the mirroring system
were read only downstream of the Apache root sources (IOW, I thought we had more control then
in reality we did).
>> BTW, if someone could point me to a document where this is described, that would
certainly help me refer it to others in the future.
> Several projects reference the httpd document entitled "Verifying
> Apache HTTP Server Releases," which includes good commentary on why
> it's important to download the signatures directly from Apache
> hardware, and keys from the public keyrings.  You can find it here:
> I also found several other documents about making releases and signing
> them, but these mostly addressed the process from a release manager's
> perspective, and not an end users.
> -Hyrum
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

Chris Mattmann, Ph.D.
Senior Computer Scientist
NASA Jet Propulsion Laboratory Pasadena, CA 91109 USA
Office: 171-266B, Mailstop: 171-246
Adjunct Assistant Professor, Computer Science Department
University of Southern California, Los Angeles, CA 90089 USA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message