incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis E. Hamilton" <>
Subject RE: key signing
Date Mon, 08 Oct 2012 16:47:13 GMT
I don't understand what "keys from LDAP" are?

Are these the same as keys whose fingerprints a ASF committer registers in their account or
something else?

 - Dennis

-----Original Message-----
From: Benson Margulies [] 
Sent: Monday, October 08, 2012 08:54
Subject: Re: key signing

[ ... ]

In my opinion, that's vanishingly unlikely, and so the best we can do
is to allow users to verify that the signature was, in fact, made by
the 'Apache hat' that it claimed to be made by. Using the keys in
KEYS, or the fingerprints from LDAP, seems the best they can do.

[ ... ]

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message