lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Hostetter <hossman_luc...@fucit.org>
Subject Re: svn commit: r954674 - /lucene/java/dist/KEYS
Date Wed, 16 Jun 2010 20:37:44 GMT

: It shouldn't hold a key you don't trust 100%. Presumably the very old
: committers are still happy that their keys are in their possession.

 * if you feel that people can still trust releases signed with that key, 
   then it should stay in the KEYS file.
 * If you don't feel that people can still trust releases signed with that 
   key, then removing that key from KEYS isn't enough -- those releases 
   should also be verified and resigned with a key that can be trusted.

...that is the theory anyway, as i understand it.  Wether it's actaully 
worth re-signing old releases (as a practical issue) is another matter.


-Hoss


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message