Hey all,

With the release of 0.9.0 I started thinking about something.  We're not
signing those tarballs with PGP or even publishing MD5/SHA-1/SHA-256
checksums on them.  That has been kind of a standard practice with a lot
of packages, most particularly with anything that can impact security.
The Samba packages (I'm on the Samba Team) are all signed and the team
signing key has been signed by several of us, including me, that anchors
it all the way back to the "dead trees edition" book of the web of trust
fingerprints.

As we're now opening up the branch heading for 1.0, should we start
thinking about establishing a key, getting it signed, and starting to
use it for releases?

Just food for thought.

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  m...@wittsend.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
