Benson Margulies wrote on Fri, Oct 05, 2012 at 08:04:04 -0400:
> Alternatively, since the chain is CLA -> svn access -> unsigned key in
> svn, perhaps all we really need is to document that a signature
> corresponding to a key in svn is really good enough, and users need
> not be concerned further.
>
Downloading keys from https://www.apache.org/dist/ or https://people.apache.org/keys/ is good enough for users who trust root@ and Thawte.