[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: PROPOSAL: GPG Signing of Releases

From: Justin Erenkrantz <justin_at_erenkrantz.com>
Date: 2004-04-10 10:53:20 CEST

--On Friday, April 9, 2004 9:01 AM +0200 Sander Striker <striker@apache.org>
wrote:

> On Fri, 2004-04-09 at 05:48, Brian W. Fitzpatrick wrote:
>> On Apr 8, 2004, at 2:55 PM, kfogel@collab.net wrote:
>>
>> > Okay. My feeling, after reading the whole thread, is that we should
>> >
>> > a) Forget about the shared key for now.
>> >
>> > b) Make sure that three or four developers sign each release.
>> >
>> > c) Make an effort to get all developer's keys into well-connected
>> > trust networks (pretty easy, considering that we have a high
>> > degree of personal contact/overlap with other projects like
>> > Debian, Apache, etc).
>>
>> <snip>
>>
>> > So, how do people feel about this simplified version of Ben Reser's
>> > proposal?
>>
>> +1!
>
> +1

For the record, +1 on this plan. Yes, I know this contradicts Karl's later
proposal, but I think the one outlined here is the correct one. -- justin

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Apr 10 09:53:24 2004

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.