Christian Grobmeier wrote on Tue, Jun 28, 2011 at 11:20:13 +0200:
> >> we copy a KEYS file into that directory upon successful VOTE of the release
> >> artifacts (which also include the KEYS file).
> >
> > Perhaps, but the point we're getting at was explicitly stated by Benson,
> > "The goal here is to allow and encourage consumers to independently verify
> > signatures. That calls for KEYS somewhere else than inside the package."
>
> I am sorry to ask it again, but why can't the incubator have a policy
> to make people use:
> https://id.apache.org/
> to store their signing key.
>
You mean "To store the fingerprint of their public key."