Okay, I think I've had an epiphany :-).
There is nothing preventing any group of developers from getting
together, generating a shared key, signing it with their personal keys
(and those of anyone else they can persuade), and then using the
shared key to sign the release.
So, those of us who want to do that for the next release will just do
it. That will probably include at least those of us in Chicago. I
hope no one will mind if we call it the "SVN Release Key" or something
similarly official-sounding. There's no reason to have two such keys,
after all -- anyone who wants to can just sign this one (we can easily
generate trust paths).
If it later turns out to be a pain to manage, we just stop doing it.
Some release announcement would simply say "We have stopped using a
shared key to sign releases, due to key management concerns [or
whatever], but we continue to sign with personal keys."
In essence, this is Ben's proposal, on an experimental basis. Why
speculate about problems that might come up, when we can just wing it?
There's very little penalty for guessing wrong here, after all.
-Karl
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Apr 9 19:19:24 2004