zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patrick Hunt <phu...@gmail.com>
Subject Re: verifying downloads of release tarballs
Date Tue, 07 Oct 2014 21:43:46 GMT
I think that's the legacy file - there is also this file, which seems
more up to date:

http://www.apache.org/dist/zookeeper/KEYS

Patrick

On Tue, Oct 7, 2014 at 1:35 AM, Ivan Kelly <ivank@apache.org> wrote:
> The keys in use should be in
> https://svn.apache.org/repos/asf/zookeeper/dist/KEYS
>
> -Ivan
>
> Warren Turkal writes:
>
>> Hey everyone,
>>
>> I have a couple questions about verifying the tarballs I download for
>> Zookeeper.
>>
>> I don't see any listing of an official release manager identity and their
>> pub key. Therefore, I don't know which key I should be getting to verify a
>> signature against. Is there a list somewhere of the release manager
>> identity. Ideally, I'd also be able to get the key from an Apache site
>> protected by TLS (maybe even HTTPS). Am I just missing this info? If so,
>> where is the info?
>>
>> Also, I don't see corresponding .asc signature files that can be used to
>> verify the authenticity of the archives even if I did have a pub key. Are
>> these located in some special location other than in the directories along
>> side the released tarballs?
>>
>> Alternatively, is there a better way to retrieve crypto-secured releases
>> than just downloading the release tarballs?
>>
>> Thanks,
>> wt
>

Mime
View raw message