On Mon, Oct 8, 2012 at 12:47 PM, Dennis E. Hamilton <orc...@apache.org> wrote: > I don't understand what "keys from LDAP" are? > > Are these the same as keys whose fingerprints a ASF committer registers in > their account or something else?
Yes. Sorry for the foggy phraseology. > > - Dennis > > -----Original Message----- > From: Benson Margulies [mailto:bimargul...@gmail.com] > Sent: Monday, October 08, 2012 08:54 > To: general@incubator.apache.org > Subject: Re: key signing > > [ ... ] > > In my opinion, that's vanishingly unlikely, and so the best we can do > is to allow users to verify that the signature was, in fact, made by > the 'Apache hat' that it claimed to be made by. Using the keys in > KEYS, or the fingerprints from LDAP, seems the best they can do. > > [ ... ] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org