incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Stein <>
Subject Re: key signing
Date Thu, 11 Oct 2012 01:14:15 GMT
On Wed, Oct 10, 2012 at 9:10 PM, Daniel Shahaf <> wrote:
> Greg Stein wrote on Wed, Oct 10, 2012 at 19:44:30 -0400:
>> I've read this entire thread (whew!), and would actually like to throw out
>> a contrary position:
>> No signed keys.
>> Consider: releases come from the ASF, not a person.
> Therefore, releases should be signed by the ASF as an organisation, not
> by individual persons.  Right?

I would be completely supportive of an Infra-managed private key for
signing releases.

My point is that our instructions to users don't really incorporoate
the notions of "keys", and (thus) provide near-zero utility. For such
a long thread, for such little gain... my thought was "toss the
concept. throw out the keys."

> Daniel
> (infra hat off, devil's advocate hat on)

hehe. And my devil's advocate is: "keys provide no additional benefit
for end users. demonstrate otherwise."


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message