www-repository mailing list archives

From "Henri Yandell" <flame...@gmail.com>
Subject Re: Summary
Date Sat, 04 Mar 2006 05:17:36 GMT
On 3/3/06, Dain Sundstrom <dain@iq80.com> wrote:
> On Mar 3, 2006, at 4:00 AM, Brett Porter wrote:
>
> > On writability, my understanding is that files should be 644 and
> > directories 775, with the sections separated by TLP owned by their
> > group only.
>
> For the release repository they could be 444 (to avoid the
> possibility of accidental deletions) and 775, but for the snapshot
> repository they should be 664 and 775.
>
> >>   I think that, to increase responsibility, release managers should
> >>   be authorised by pmc's. That is not hard to check or implement.
> >>   See my specific proposal under 'problems and solutions' in
> >>
> >>     http://people.apache.org/~henkp/trust/
> >
> > Though I've read it before, I haven't thought a lot about these. These
> > look like some good solutions. This seems like an important but
> > parallel discussion, since it should affect the whole of /dist/.

Sounds good, tree of trust :) Codifying the oversight we always talk
about in something actually viewable.

>
> +1
>
> BTW it would be nice if we could just use standard Java Jar signing.
> That way the ultimate user of the code, the JVM, can verify the Jar.

Hearing this idea a lot; Steve Loughran had some emails saying that
signing wouldn't work - Steve?

Hen
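
The permission scheme discussed in the thread, as an added example that is not part of the original message or of any Apache tooling: a POSIX shell audit that reports every path deviating from files 444 (release) or 664 (snapshot), directories 775, and optionally a single owning group. The function name `audit_repo`, its arguments and the demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# audit_repo KIND ROOT [GROUP]
#   KIND  : release (files 444) or snapshot (files 664); directories are 775 in both
#   GROUP : optional group name or gid that every path must belong to
# Prints one line per violation. Returns 0 if clean, 1 on violations, 2 on usage error.
audit_repo() {
    kind=$1; root=$2; group=${3:-}
    case $kind in
        release)  file_mode=444 ;;   # read-only release artifacts
        snapshot) file_mode=664 ;;   # group-writable so snapshots can be replaced
        *) echo "usage: audit_repo release|snapshot ROOT [GROUP]" >&2; return 2 ;;
    esac
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    violations=$(
        # -perm with a bare octal mode is an exact match, so setuid/setgid or
        # world-writable bits are reported as well as missing bits.
        find "$root" -type f ! -perm "$file_mode" -print | sed "s|^|file-mode (want $file_mode): |"
        find "$root" -type d ! -perm 775 -print | sed 's|^|dir-mode (want 775): |'
        if [ -n "$group" ]; then
            find "$root" ! -group "$group" -print | sed "s|^|group (want $group): |"
        fi
    )
    if [ -n "$violations" ]; then
        printf '%s\n' "$violations"
        return 1
    fi
    return 0
}

# Constructed demo tree (not a real repository layout).
demo=$(mktemp -d)
mkdir -p "$demo/org/example/1.0"
echo jar > "$demo/org/example/1.0/example-1.0.jar"
chmod 775 "$demo" "$demo/org" "$demo/org/example" "$demo/org/example/1.0"
chmod 644 "$demo/org/example/1.0/example-1.0.jar"   # owner-writable: flagged for a release repo
audit_repo release "$demo" || echo "release tree needs fixing"
rm -rf "$demo"
```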
