incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Querna <>
Subject Re: status of PGP support in Maven
Date Thu, 25 Sep 2008 01:22:59 GMT
William A. Rowe, Jr. wrote:
> Henning Schmiedehausen wrote:
>> So you assume that that can not be hacked? What if a
>> signing key *IS* in KEYS but not signed by anyone (because the developer
>> has never attended an Apache key signing event)?
> No, I answered your question.
> W.r.t.{tlp}/KEYS, we have a serious issue to address,
> because it's not https: accessible so cannot be trusted.  Yes, it's quite
> possible to fetch{tlp}/{code}/trunk/KEYS
> but that's not what we suggest, and suboptimal to boot.

Open an infrastructure JIRA ticket and I'll figure out getting https:// 
on sooner or later.



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message