Dave,

> It is certainly reasonable for multiple people to have their signing key
> within the project's KEYS file. Releases may be signed by anyone on that
> key.

That's good to know!

> Is it possible to derive these p12 files from KEYS? I think it is likely,
> if so we have a path to signing of these artifacts by project release
> managers

I will investigate this approach. I have limited knowledge about this, but I believe that OpenSSL might help us here. Will let you know soon.

> Digital signatures are a whole other level of work. Can we handle sigs
> that are in the KEYS file such that a user can check to see that these
> artifacts are "properly" signed.

BTW, thanks for backing me up in the related thread on infra-dev :-) I want to create a wiki page on the general wiki as Tony mentions there:

On 17 Aug 2012, at 12:38, Tony Stevenson <t...@pc-tony.com> wrote:
>
> > wiki.a.o/general/FooSSLPageHere or some such would be fine with me.
>
> Actually the more I think about it, the better this seems. Once all the
> proposals are ready for review please ping us and we can take it on, then.
> That would be infinitely easier than collating all the emails on the topic.

I believe I need to be given access to edit wiki.apache.org/general/, right? Where do I request this?

Thanks,
Om