Re: PROPOSAL: GPG Signing of Releases

From: Mark Benedetto King <mbk_at_lowlatency.com>
Date: 2004-04-07 02:19:03 CEST

On Tue, Apr 06, 2004 at 04:43:31PM -0700, Justin Erenkrantz wrote:
>
> I hereby vote -1 (i.e. non-veto No) against this. I think a shared key is
> about the worst thing we could do to solve this problem. -- justin
>

I propose that Karl Fogel sign the public keys of the CollabNet folks and anyone
else he can reliably authenticate and that those keys be stored in

http://svn.collab.net/repos/svn/trunk/KEYS

(Why Karl Fogel? His public key is already well-known and available at
http://www.red-bean.com/~kfogel/public-key.html)

These signed keys can then be used to sign the public keys of the other
committers when and if they can be authenticated to the satisfaction of the
holders of already signed keys. These keys can be signed multiple times.

Policy decisions about how to determine whether a particular key has enough
signature-mojo in order to be trusted to sign a release is a different
decision.

--ben

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Apr 7 04:45:38 2004

This message: [ Message body ]
Next message: Branko Čibej: "Re: PROPOSAL: GPG Signing of Releases"
Previous message: Mark D. Baushke: "Re: PROPOSAL: GPG Signing of Releases"
In reply to: Justin Erenkrantz: "Re: PROPOSAL: GPG Signing of Releases"
Next in thread: Mark D. Baushke: "Re: PROPOSAL: GPG Signing of Releases"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]