incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benson Margulies <>
Subject Re: key signing - issues
Date Sun, 07 Oct 2012 15:31:43 GMT

After reading all the responses, I'm no longer very interested in
pushing the idea of key signing. I am much more interested in
explaining to users the existence and use of the LDAP keys.

We can explain: "If something is signed with a key associated with an
Apache committer via the Apache infrastructure, then you have
assurance of the pathway from Key -> Apache Account -> CLA on file.
Even if the key is not signed at all, this tells you that the
signature comes from the named Apache account."

The bigger the Foundation gets, the less likely that any number of key
signing parties at ApacheCons are going to put a dent in all the
possible release managers.

I suppose that comdev could try to organize a web of key signing
parties that aren't at ApacheCons.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message