On 10/29/07, Erik Abele <[EMAIL PROTECTED]> wrote:
> On 29.10.2007, at 16:02, Niclas Hedhman wrote:
> > Asking me to do something about it, is also asking at the wrong
> > end, since I
> > am a newbie at the topic and barely trust myself getting anything
> > right.
>
> Well, that's the way we op
On 29/10/2007, Gilles Scokart <[EMAIL PROTECTED]> wrote:
>
>
> > -Original Message-
> > From: sebb [mailto:[EMAIL PROTECTED]
> >
> > Even if you can't establish a trust path, the PGP signature gives a
> > bit more assurance than a hash. The KEY file should be in SVN, so you
> > can ensure t
On 29.10.2007, at 16:02, Niclas Hedhman wrote:
On Monday 29 October 2007 21:26, Erik Abele wrote:
The process on the above page is beyond most users'
imagination.
As said, they probably don't even care otherwise they would know...
I rest my case; If I don't care about routing tables in TCP/
On Monday 29 October 2007 21:26, Erik Abele wrote:
> > The process on the above page is beyond most users'
> > imagination.
>
> As said, they probably don't even care otherwise they would know...
I rest my case; If I don't care about routing tables in TCP/IP stacks, I don't
need Internet, right?
> -Original Message-
> From: sebb [mailto:[EMAIL PROTECTED]
>
> Even if you can't establish a trust path, the PGP signature gives a
> bit more assurance than a hash. The KEY file should be in SVN, so you
> can ensure that the person that added the key to the KEY file was at
> least a com
On 29/10/2007, Erik Abele <[EMAIL PROTECTED]> wrote:
> On 29.10.2007, at 03:13, Niclas Hedhman wrote:
>
> > On Sunday 28 October 2007 23:15, Erik Abele wrote:
> >> As BenL always says: "I don't give a shit about some random document,
> >> that could be faked anyway. All I care about is the email ad
On 29.10.2007, at 13:49, Robert Burrell Donkin wrote:
...
IMO this needs to be done at the protocol level to gain the required
security (rather than just the appearance of security). if there's
anyone around who's active on HTTP standards then now would be a great
time to jump in...
And back t
On 29.10.2007, at 03:13, Niclas Hedhman wrote:
On Sunday 28 October 2007 23:15, Erik Abele wrote:
As BenL always says: "I don't give a shit about some random document,
that could be faked anyway. All I care about is the email address
connected to the key I intend to sign - is it really the addr
On 10/29/07, Niclas Hedhman <[EMAIL PROTECTED]> wrote:
> On Sunday 28 October 2007 23:15, Erik Abele wrote:
> > As BenL always says: "I don't give a shit about some random document,
> > that could be faked anyway. All I care about is the email address
> > connected to the key I intend to sign - is
On Sunday 28 October 2007 23:15, Erik Abele wrote:
> As BenL always says: "I don't give a shit about some random document,
> that could be faked anyway. All I care about is the email address
> connected to the key I intend to sign - is it really the address of
> the person in question?".
Ok,
Hi,
Some background on the web of trust (wot) that ASF uses for signers
of code releases is at http://en.wikipedia.org/wiki/Web_of_trust
You correctly point out that the icla is a binding document in which
the party signing the document grants certain intellectual property
rights to the A
On 10/28/07, Erik Abele <[EMAIL PROTECTED]> wrote:
> On 28.10.2007, at 08:57, Niclas Hedhman wrote:
> > as well as tooling support for verifications.
>
> http://httpd.apache.org/dev/verification.html
IMHO verification is too important to be left to users. perhaps HTTP
could be extended by a "3x
On 28.10.2007, at 08:57, Niclas Hedhman wrote:
On Sunday 28 October 2007 06:24, Noel J. Bergman wrote:
Perhaps
we should add some information on getting into the Web of Trust,
although
that is really a general committer item, not Incubator specific.
I am not very security fluent, and perha
On Sunday 28 October 2007 06:24, Noel J. Bergman wrote:
> Perhaps
> we should add some information on getting into the Web of Trust, although
> that is really a general committer item, not Incubator specific.
I am not very security fluent, and perhaps someone could explain to me;
What is the diff
Robert Burrell Donkin wrote:
> IMO the IPMC needs to think a little about the division of
> responsibility between podling and IPMC in the final
> publication stage of release distribution.
> new releases need to be mirrored. setting up mirroring takes some work
> but it's once only. the question
i'm starting to think about the mechanics of correctly distributing
releases and find some topics deserving of discussion
IMO the IPMC needs to think a little about the division of
responsibility between podling and IPMC in the final publication stage
of release distribution.
new releases need to
16 matches
Mail list logo
