incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benson Margulies <bimargul...@gmail.com>
Subject Re: key signing
Date Mon, 08 Oct 2012 17:05:31 GMT
On Mon, Oct 8, 2012 at 12:47 PM, Dennis E. Hamilton <orcmid@apache.org> wrote:
> I don't understand what "keys from LDAP" are?
>
> Are these the same as keys whose fingerprints a ASF committer registers in their account
or something else?

Yes. Sorry for the foggy phraseology.


>
>  - Dennis
>
> -----Original Message-----
> From: Benson Margulies [mailto:bimargulies@gmail.com]
> Sent: Monday, October 08, 2012 08:54
> To: general@incubator.apache.org
> Subject: Re: key signing
>
> [ ... ]
>
> In my opinion, that's vanishingly unlikely, and so the best we can do
> is to allow users to verify that the signature was, in fact, made by
> the 'Apache hat' that it claimed to be made by. Using the keys in
> KEYS, or the fingerprints from LDAP, seems the best they can do.
>
> [ ... ]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message