I don't understand what "keys from LDAP" are? Are these the same as keys whose fingerprints a ASF committer registers in their account or something else?
- Dennis -----Original Message----- From: Benson Margulies [mailto:[email protected]] Sent: Monday, October 08, 2012 08:54 To: [email protected] Subject: Re: key signing [ ... ] In my opinion, that's vanishingly unlikely, and so the best we can do is to allow users to verify that the signature was, in fact, made by the 'Apache hat' that it claimed to be made by. Using the keys in KEYS, or the fingerprints from LDAP, seems the best they can do. [ ... ] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
