On Jun 27, 2011, at 12:58 PM, Noel J. Bergman wrote: >> we copy a KEYS file into that directory upon succesful VOTE of the release >> artifacts (which also include the KEYS file). > > Perhaps, but the point we're getting at was explicitly stated by Benson, > "The goal here is to allow and encourage consumers to independently verify > signatures. That calls for KEYS somewhere else than inside the package."
Right, and the point I was getting at was that in Gora, we encourage both. As a consumer of software, it's nice to have the keys right there with the release package too, so I don't have to go anywhere else rather than where I'm at (my machine) to verify the KEYS file that came along with the release tarball. Cheers, Chris ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Chris Mattmann, Ph.D. Senior Computer Scientist NASA Jet Propulsion Laboratory Pasadena, CA 91109 USA Office: 171-266B, Mailstop: 171-246 Email: chris.a.mattm...@nasa.gov WWW: http://sunset.usc.edu/~mattmann/ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Adjunct Assistant Professor, Computer Science Department University of Southern California, Los Angeles, CA 90089 USA ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
