: One question: should we also add signatures and checksums on the pdf 
: artifact? In my opinion we should create those so we can verify that we 
: all vote on the same pdf file created by the RM. The GPG signature would 
: ensure this.

Good question.

I briefly considered this a while back when i first started drafting up 
the process (i think i even asked about it on IRC and got no response) but 
ultimately didn't include it because...

 1) i didn't see any "risk" from potentially rogue mirrors trying 
    to modify the docs (not like with source code)
 2) from the precedence i could see from httpd-docs, they didn't 
    bother with signing or providing checksums for their doc releases
 3) i was trying to keep things simple.

But you're right -- particularly for ensuring that we are all voting on 
the same thing having sigs/checksums is a good idea -- and if we're going 
to generate them, we might as well also push them to the mirrors.

I'll update the docs, but in the meantime I don't think we need to call a 
new VOTE of a new RC -- but i'll reply to the existing RC2 thread 
with specifics on the sig/checksum.



-Hoss
