On Mon, Apr 08, 2002 at 09:41:33AM -0700, Ryan Bloom wrote: > > I think that's all Ryan was saying. Besides, more important than > having > > your key in the KEYS file is having good trust connectivity to the > > rest of the HTTP Project committers. > > Nope, you can't ship them unless the key is in the file before the > release. First of all, your key won't be signed immediately. Second, > the KEYS file should be tagged in CVS, so when somebody checks out the > KEYS file from the 2.0.35 release, they won't have your key.
We don't have a KEYS file in the tarball anymore, so I should be safe. The KEYS file lives in httpd-dist now. I'm also well-connected into the trust graph (ooh, fancy graph-theory lingo). -aaron