On Mon, Jun 27, 2011 at 11:59 PM, Mattmann, Chris A (388J) <chris.a.mattm...@jpl.nasa.gov> wrote: > Yep, makes sense. Like I told Benson, I wasn't exactly sure if the mirroring > system were read only downstream of the Apache root sources (IOW, I thought > we had more control then in reality we did). > > BTW, if someone could point me to a document where this is described, that > would certainly help me refer it to others in the future....
The mirroring docs are at http://www.apache.org/info/how-to-mirror.html AFAIK, and in any case we cannot trust mirrors of Apache software as we don't control them. Hence the need for people to download KEYS files from an *.apache.org domain that we do control. Putting KEYS in a distribution might cause people to use them instead of getting them from a trusted source, and that's bad. -Bertrand --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
