Remy Maucherat wrote: > Filip Hanik - Dev Lists wrote: >> sure, where do you have them, or do you want me to run a build against >> the tag? > > The usual location at www/www.apache.org/dist/tomcat-6/v6.0.1. For the > next build, I'll have a new key, and I'll be using gpg instead.
We should not be signing things other people have uploaded to a public area. The signer has no way of verifying the build integrity which defeats the whole object of signing. Builds should be performed in a private area, signed and then uploaded. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
