incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martijn Dashorst <>
Subject Re: key signing
Date Thu, 11 Oct 2012 11:35:34 GMT
On Thu, Oct 11, 2012 at 10:57 AM, Noah Slater <> wrote:
> Which is why we link to the .md5, .sha, .asc, and KEYS files on our severs.
> Unless you're assuming a MITM along the request/response path to,
> in which case all bets are off anyway. No?

Which is why I have my release vote messages include the .asc files in
the actual vote. This way people can verify that the vote that is
being carried out is done on the right artifacts including the correct
.asc files.

Perhaps I need to include the .asc contents in the release
announcements as well (though that might be overkill).


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message