My first thought was 'I want to have all the stuff inside the distro.' That
means also the ASC.
But having the ASC inside the distro means letting the key on the lock ...
So the 2nd thought was: how to verify the download?
- download
- hashvalue checksum
- pgp check
We could provide a howto file
> Should we include the PGP [e.g. 1] signature in the future?
Answer myself: should be only on ASF server, so people could trust that ;)
Maybe place a note (next time) how to check that (do we have a build snippet
for that?)
Jan
--
+1
Should we include the PGP [e.g. 1] signature in the future?
Jan
[1]
https://dist.apache.org/repos/dist/dev/ant/antlibs/compress/binaries/apache-
ant-compress-1.5-bin.zip.asc
> -Ursprüngliche Nachricht-
> Von: Stefan Bodewig [mailto:bode...@apache.org]
> Gesendet: Samstag, 10. Juni 201
