incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "robert burrell donkin" <>
Subject Re: Write-up on release signing/verification
Date Thu, 25 Jan 2007 19:07:42 GMT
On 1/25/07, Thilo Goetz <> wrote:
> Yoav Shapira wrote:
> > Hola,
> > That's cool, and very considerate of you to take the time to document
> > your process.  Thank you.
> >
> > However, I'm not sure that we need to duplicate what's already
> > documented and followed by most ASF projects:
> > and its links.  Instead, we should
> > work to update, amend, and extend that set of documents as applicable.
> >
> > Yoav
> Hi Yoav,
> so what do you propose?  The "signing releases" page does have all the
> info, but it's not very newbie friendly.  The FAQ style is appropriate
> if you already know your stuff in principle, but want to look up
> something specific.  I was trying to give a bit more of a sequential
> presentation.

the problem i've always had with coming up with a sequential
presentation is that i think that reading all the FAQs is the minimum
learning required to create signatures safely. i tried to structure
them as a non-linear tutorial (though i probably didn't succeed). i'm
not sure it's wise to give a recipe for release managers to follow
when they really need to spend some time reading.

but many people think i've gone too far so please submit a patch

> The other question I had was about the user side of things.  Is there a
> place where this has been described already?  I'd be more than happy to
> just link to existing content, or help create content that describes the
> user side of things in a general way.

please go ahead and create a patch :-)

i worry about making inaccurate statements or misleading
simplifications. the mechanical stuff is easy, the interpretation less
so. for most users, signatures are no better than checksums but
checksums are easier to understand. those users with a good
understanding of cryptography wouldn't need any help.

but again, i may well be over cautious

- robert

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message