incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gilles Scokart" <>
Subject RE: ASF Web of Trust [was: Release Distribution Strategy]
Date Mon, 29 Oct 2007 14:30:22 GMT

> -----Original Message-----
> From: sebb []
> Even if you can't establish a trust path, the PGP signature gives a
> bit more assurance than a hash. The KEY file should be in SVN, so you
> can ensure that the person that added the key to the KEY file was at
> least a committer to SVN.

That's only for the users who have https access to SVN (and who can reliably verify the SSH
key of the server).  The
others have to assume that server from which they are reading the KEY file is the real one.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message