zookeeper-user mailing list archives

From Ivan Kelly <iv...@apache.org>
Subject Re: verifying downloads of release tarballs
Date Tue, 07 Oct 2014 08:35:24 GMT
The keys in use should be in 
https://svn.apache.org/repos/asf/zookeeper/dist/KEYS

-Ivan

Warren Turkal writes:

> Hey everyone,
>
> I have a couple questions about verifying the tarballs I download for
> Zookeeper.
>
> I don't see any listing of an official release manager identity and their
> pub key. Therefore, I don't know which key I should be getting to verify a
> signature against. Is there a list somewhere of the release manager
> identity? Ideally, I'd also be able to get the key from an Apache site
> protected by TLS (maybe even HTTPS). Am I just missing this info? If so,
> where is the info?
>
> Also, I don't see corresponding .asc signature files that can be used to
> verify the authenticity of the archives even if I did have a pub key. Are
> these located in some special location other than in the directories
> alongside the released tarballs?
>
> Alternatively, is there a better way to retrieve crypto-secured releases
> than just downloading the release tarballs?
>
> Thanks,
> wt

