On Mon, Oct 8, 2012 at 12:47 PM, Dennis E. Hamilton <[email protected]> wrote: > I don't understand what "keys from LDAP" are? > > Are these the same as keys whose fingerprints a ASF committer registers in > their account or something else?
Yes. Sorry for the foggy phraseology. > > - Dennis > > -----Original Message----- > From: Benson Margulies [mailto:[email protected]] > Sent: Monday, October 08, 2012 08:54 > To: [email protected] > Subject: Re: key signing > > [ ... ] > > In my opinion, that's vanishingly unlikely, and so the best we can do > is to allow users to verify that the signature was, in fact, made by > the 'Apache hat' that it claimed to be made by. Using the keys in > KEYS, or the fingerprints from LDAP, seems the best they can do. > > [ ... ] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
