The keys in use should be in
https://svn.apache.org/repos/asf/zookeeper/dist/KEYS
-Ivan
Warren Turkal writes:
> Hey everyone,
>
> I have a couple questions about verifying the tarballs I download for
> Zookeeper.
>
> I don't see any listing of an official release manager identity and their
> pub key. Therefore, I don't know which key I should be getting to verify a
> signature against. Is there a list somewhere of the release manager
> identity. Ideally, I'd also be able to get the key from an Apache site
> protected by TLS (maybe even HTTPS). Am I just missing this info? If so,
> where is the info?
>
> Also, I don't see corresponding .asc signature files that can be used to
> verify the authenticity of the archives even if I did have a pub key. Are
> these located in some special location other than in the directories along
> side the released tarballs?
>
> Alternatively, is there a better way to retrieve crypto-secured releases
> than just downloading the release tarballs?
>
> Thanks,
> wt
|