On Tue, Jun 28, 2011 at 12:22 PM, Daniel Shahaf <d...@daniel.shahaf.name> wrote: > Christian Grobmeier wrote on Tue, Jun 28, 2011 at 11:20:13 +0200: >> >> we copy a KEYS file into that directory upon succesful VOTE of the release >> >> artifacts (which also include the KEYS file). >> > >> > Perhaps, but the point we're getting at was explicitly stated by Benson, >> > "The goal here is to allow and encourage consumers to independently verify >> > signatures. That calls for KEYS somewhere else than inside the package." >> >> I am sorry to ask it again, but why can't the incubator have a policy >> to make people use: >> https://id.apache.org/ >> to store their signing key. >> > > You mean "To store the fingerprint of their public key."
Indeed --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
