On 28.10.2007, at 08:57, Niclas Hedhman wrote:
On Sunday 28 October 2007 06:24, Noel J. Bergman wrote:
Perhaps
we should add some information on getting into the Web of Trust,
although
that is really a general committer item, not Incubator specific.
I am not very security fluent, and perhaps someone could explain to
me;
What is the difference of being an Apache committer/Member with the
*signed*
ICLA, which indeed is a legal document, and that other ASF folks
has seen
your driver's license (et al) and signed you into the web of trust?
Um, these two things are totally unrelated.
From my perspective, the latter is not legally binding and at the
most act as
some form of "someone has identified it to be a real person with that
name"...
Aye, given that you trust the government-issued doc (like a drivers
license)...
As BenL always says: "I don't give a shit about some random document,
that could be faked anyway. All I care about is the email address
connected to the key I intend to sign - is it really the address of
the person in question?".
FWIW, I think ASF should increase the efforts in the ASF Web of
Trust, both
getting more people engaged (like myself, I can't figure out the
practical
details on how to go about it)
Get a key, print the fingerprint and come to an AC and let it sign by
some other folks - that's it.
See also http://wiki.apache.org/apachecon/PgpKeySigning
as well as tooling support for verifications.
http://httpd.apache.org/dev/verification.html
Cheers,
Erik
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]