Re: PROPOSAL: GPG Signing of Releases

From: Jani Averbach <jaa_at_jaa.iki.fi>
Date: 2004-04-06 23:21:11 CEST

On 2004-04-06 16:08-0500, Brian W. Fitzpatrick wrote:
>
> I'm all for having multiple committers sign a release for the purpose of
> providing multiple trust paths to the signer's key, but I'm against the
> idea of a "shared key". I discussed this a bit with Ben Laurie, and he
> said:
>
> Shared keys are bad, for the obvious reason that you have to:
>
> a) Share it, implying some other shared form of trust in the first
> place.
> b) Revoke it when anyone leaves.
>
> I see no benefit gained by having this key.
>

I could not agree more with Fitz.

BR, Jani

-- 
Jani Averbach
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Tue Apr 6 23:21:30 2004

This message: [ Message body ]
Next message: Ben Reser: "Re: PROPOSAL: GPG Signing of Releases"
Previous message: C. Michael Pilato: "Re: [PATCH] Fix to svn_time_to_human_cstring() - take 3"
In reply to: Brian W. Fitzpatrick: "Re: PROPOSAL: GPG Signing of Releases"
Next in thread: Ben Reser: "Re: PROPOSAL: GPG Signing of Releases"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]