incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Grobmeier <grobme...@gmail.com>
Subject Re: KEYS and releases
Date Tue, 28 Jun 2011 10:28:55 GMT
On Tue, Jun 28, 2011 at 12:22 PM, Daniel Shahaf <d.s@daniel.shahaf.name> wrote:
> Christian Grobmeier wrote on Tue, Jun 28, 2011 at 11:20:13 +0200:
>> >> we copy a KEYS file into that directory upon succesful VOTE of the release
>> >> artifacts (which also include the KEYS file).
>> >
>> > Perhaps, but the point we're getting at was explicitly stated by Benson,
>> > "The goal here is to allow and encourage consumers to independently verify
>> > signatures.  That calls for KEYS somewhere else than inside the package."
>>
>> I am sorry to ask it again, but why can't the incubator have a policy
>> to make people use:
>> https://id.apache.org/
>> to store their signing key.
>>
>
> You mean "To store the fingerprint of their public key."

Indeed

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message