[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: PROPOSAL: GPG Signing of Releases

From: Jani Averbach <jaa_at_jaa.iki.fi>
Date: 2004-04-06 23:21:11 CEST

On 2004-04-06 16:08-0500, Brian W. Fitzpatrick wrote:
> I'm all for having multiple committers sign a release for the purpose of
> providing multiple trust paths to the signer's key, but I'm against the
> idea of a "shared key". I discussed this a bit with Ben Laurie, and he
> said:
> Shared keys are bad, for the obvious reason that you have to:
> a) Share it, implying some other shared form of trust in the first
> place.
> b) Revoke it when anyone leaves.
> I see no benefit gained by having this key.

I could not agree more with Fitz.

BR, Jani

Jani Averbach
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Apr 6 23:21:30 2004

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.