incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Shahaf <...@daniel.shahaf.name>
Subject Re: key signing
Date Thu, 11 Oct 2012 01:39:33 GMT
Greg Stein wrote on Wed, Oct 10, 2012 at 21:31:30 -0400:
> Not too much. We still instruct users "take the signatures and verify
> them against blah.apache.org/KEYS". John Blackhat could replace the
> signatures and install his entry into KEYS.

If you use https://people.apache.org/keys/ instead of KEYS files in the
dist/ tree, John would have to crack two machines rather than one.

</plug> :-P

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message