Re: PROPOSAL: GPG Signing of Releases

From: Justin Erenkrantz <justin_at_erenkrantz.com>
Date: 2004-04-10 10:53:20 CEST

--On Friday, April 9, 2004 9:01 AM +0200 Sander Striker <striker@apache.org>
wrote:

> On Fri, 2004-04-09 at 05:48, Brian W. Fitzpatrick wrote:
>> On Apr 8, 2004, at 2:55 PM, kfogel@collab.net wrote:
>>
>> > Okay. My feeling, after reading the whole thread, is that we should
>> >
>> > a) Forget about the shared key for now.
>> >
>> > b) Make sure that three or four developers sign each release.
>> >
>> > c) Make an effort to get all developer's keys into well-connected
>> > trust networks (pretty easy, considering that we have a high
>> > degree of personal contact/overlap with other projects like
>> > Debian, Apache, etc).
>>
>> <snip>
>>
>> > So, how do people feel about this simplified version of Ben Reser's
>> > proposal?
>>
>> +1!
>
> +1

For the record, +1 on this plan. Yes, I know this contradicts Karl's later
proposal, but I think the one outlined here is the correct one. -- justin

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Apr 10 09:53:24 2004

This message: [ Message body ]
Next message: Justin Erenkrantz: "Re: PROPOSAL: GPG Signing of Releases"
Previous message: Justin Erenkrantz: "Re: PROPOSAL: GPG Signing of Releases"
In reply to: Sander Striker: "Re: PROPOSAL: GPG Signing of Releases"
Next in thread: Ben Reser: "Re: PROPOSAL: GPG Signing of Releases"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]