+1 KEYS should not be distributed with a release, even if the central key infrastructure is not used, at least release manager should point people checking the release to where they can find the KEYS so they can check release signatures, which is normally the way used with most of the projects I follow.
On Mon, Jun 27, 2011 at 7:21 AM, Christian Grobmeier <grobme...@gmail.com> wrote: >> It seems to me to be a bad idea to distribute keys with releases. > > +1 > >> And don't >> we already have some ASF-wide policy for managing keys? > > I don't know if there is a policy, but I recently found this: > > http://people.apache.org/foaf/index.html > "PGP keys may additionally be added to your profile on > https://id.apache.org/. This will cause them to be added to > https://people.apache.org/keys/, and make them available to other > infrastructure tools in the future." > > Then it would be available here: > https://people.apache.org/keys/group/ > > Why shouldn't all podlings use this a central keys file? > > Cheers > Christian > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > > -- Thanks - Mohammad Nour Author of (WebSphere Application Server Community Edition 2.0 User Guide) http://www.redbooks.ibm.com/abstracts/sg247585.html - LinkedIn: http://www.linkedin.com/in/mnour - Blog: http://tadabborat.blogspot.com ---- "Life is like riding a bicycle. To keep your balance you must keep moving" - Albert Einstein "Writing clean code is what you must do in order to call yourself a professional. There is no reasonable excuse for doing anything less than your best." - Clean Code: A Handbook of Agile Software Craftsmanship "Stay hungry, stay foolish." - Steve Jobs --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
