incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hyrum K Wright <>
Subject Re: KEYS and releases
Date Tue, 28 Jun 2011 02:24:07 GMT
On Mon, Jun 27, 2011 at 4:59 PM, Mattmann, Chris A (388J)
<> wrote:
> Yep, makes sense. Like I told Benson, I wasn't exactly sure if the mirroring system were
read only downstream of the Apache root sources (IOW, I thought we had more control then in
reality we did).
> BTW, if someone could point me to a document where this is described, that would certainly
help me refer it to others in the future.

Several projects reference the httpd document entitled "Verifying
Apache HTTP Server Releases," which includes good commentary on why
it's important to download the signatures directly from Apache
hardware, and keys from the public keyrings.  You can find it here:

I also found several other documents about making releases and signing
them, but these mostly addressed the process from a release manager's
perspective, and not an end users.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message