xml-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ted Leung <twle...@sauria.com>
Subject Re: Getting all projects to sign releases - Forrest, Xindice
Date Sat, 13 Sep 2003 18:41:10 GMT
On 9/12/2003 6:37 PM, Shane Curcuru wrote:

> Is it just me, or don't we have a policy that all software 
> distributions should be PGP/GPG or equivalently signed with the 
> release manager's key?  8-)
> Admittedly, plus points to Forrest and Xindice since they've already 
> moved their distributions to the mirroring system at 
> www.apache.org/dist/xml/[subproject].  But I'd really like to see 
> future releases also get signed before they're put on the distro site.

But we also need to work on getting our keyrings / web of trust built 
out.  If people are at ApacheCon it will help.  Also, if people can sign 
keys of people that they know when they see them face to face, that will 
help as well.

There are now good tools for doing GPG (as well as PGP Freeware) on 
Windows -- Look at the Enigmail plugin to Mozilla and Thunderbird as an 
example.  That's why you'll be seeing more signed messages from me on 
"official" matters...


To unsubscribe, e-mail: general-unsubscribe@xml.apache.org
For additional commands, e-mail: general-help@xml.apache.org

View raw message