incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Stein <gst...@gmail.com>
Subject Re: key signing
Date Thu, 11 Oct 2012 01:14:15 GMT
On Wed, Oct 10, 2012 at 9:10 PM, Daniel Shahaf <d.s@daniel.shahaf.name> wrote:
> Greg Stein wrote on Wed, Oct 10, 2012 at 19:44:30 -0400:
>> I've read this entire thread (whew!), and would actually like to throw out
>> a contrary position:
>>
>> No signed keys.
>>
>> Consider: releases come from the ASF, not a person.
>
> Therefore, releases should be signed by the ASF as an organisation, not
> by individual persons.  Right?

I would be completely supportive of an Infra-managed private key for
signing releases.

My point is that our instructions to users don't really incorporoate
the notions of "keys", and (thus) provide near-zero utility. For such
a long thread, for such little gain... my thought was "toss the
concept. throw out the keys."

>...
> Daniel
> (infra hat off, devil's advocate hat on)

hehe. And my devil's advocate is: "keys provide no additional benefit
for end users. demonstrate otherwise."

Cheers,
-g

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message