On 11/3/23 9:33 AM, Mark Thomas wrote:
Alternatively, come along to the next Community Over Code conference,
take part in the key signing party and join the web of trust (or just
use this as the excuse to come to the conference).
And as a final option (I've done it once in 20 years) you can always
arrange to meet a release manager face to face to have your own 2-person
key signing party. Offers of $beverages can help facilitate this ;)
Thanks, Mr. Thomas.
Interesting. But I'm nearly a month late for this year's conference, and
while I enjoyed the few days I spent in Halifax, as part of a pre-COVID
fall vacation in Canada, I haven't left California since the COVID
pandemic began.
If there's anybody in Orange County, California, who can legitimately
get me into the web of trust (I don't have any key of my own to
exchange; I've never needed one), I'll be happy to buy that individual
lunch sometime.
But for now, I'll simply take your word that "the KEYS file is protected
to the same degree that the source code is protected." Which is still an
improvement over not bothering to verify anything.
--
JHHL
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
