I wish we could get away from PGP keys (though I understand it helps limit liability). It tends to be a decidely manual step, and error prone. I generate my PGP keys on my local machine and upload, it might be easier if I could figure out how to get my GnuPG key translated to a PGP key compatible with the tools on jakarta.apache.org, so I could sign the files there.
On Sat, 17 Jul 2004 12:25:20 +0100, robert burrell donkin <[EMAIL PROTECTED]> wrote: > On 15 Jul 2004, at 20:51, Stefan Bodewig wrote: > > <snip> > > > BTW, I just now realized that we have a couple of releases that are > > neither PGP signed nor accompanied by MD5 hashes, this should be > > strongly discouraged IMHO. In particular since Ant supports > > generation of MD5 hashes since a few years now - and so does Maven. > > +1 > > i'm not sure what can be done about it, though. maybe the pmc could > insist that all new release have sums and signatures. > > > Finally I'd move the section about archived builds to the bottom as > > well. Thinking about it, I should probably mock up a design to show > > what I mean, will do so next week unless I get shot down before 8-) > > > > cool. > > i've been playing around with tables so maybe i'll post up a mock > somewhere too. > > - robert > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Howard M. Lewis Ship Independent J2EE / Open-Source Java Consultant Creator, Jakarta Tapestry Creator, Jakarta HiveMind http://howardlewisship.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]