incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benson Margulies <bimargul...@gmail.com>
Subject Re: KEYS and releases
Date Mon, 27 Jun 2011 12:20:29 GMT
It seems to me that KEYS in the release is somewhat counterproductive.
The goal here is to allow and encourage consumers to independently
verify signatures. That calls for KEYS somewhere else than inside the
package.

On Mon, Jun 27, 2011 at 7:10 AM, Daniel Shahaf <d.s@daniel.shahaf.name> wrote:
> Jukka Zitting wrote on Mon, Jun 27, 2011 at 11:07:11 +0200:
>> Hi,
>>
>> On Mon, Jun 27, 2011 at 6:32 AM, Noel J. Bergman <noel@devtech.com> wrote:
>> > It seems to me to be a bad idea to distribute keys with releases.  And don't
>> > we already have some ASF-wide policy for managing keys?
>>
>> http://www.apache.org/dev/release-signing.html#keys-policy
>> http://incubator.apache.org/guides/releasemanagement.html#distribution-signing
>>
>> The latter spells out the preferred KEYS file location: "Each podling
>> should maintain its own KEYS file directly in the podling distribution
>> directory."
>>
>
> The latter predates https://people.apache.org/keys/.  I don't know if
> the IPMC ever considered which of the two it prefers.
>
>> BR,
>>
>> Jukka Zitting
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>> For additional commands, e-mail: general-help@incubator.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message