I was originally signing packages on the Apache server (as I wasn't used to installing PGP on machines I setup for dev work). It was recommended repeatedly that I get them off as it is a risk to the quality of the authentication.
Hen On Sat, 17 Jul 2004, Howard Lewis Ship wrote: > I wish we could get away from PGP keys (though I understand it helps > limit liability). It tends to be a decidely manual step, and error > prone. I generate my PGP keys on my local machine and upload, it > might be easier if I could figure out how to get my GnuPG key > translated to a PGP key compatible with the tools on > jakarta.apache.org, so I could sign the files there. > > On Sat, 17 Jul 2004 12:25:20 +0100, robert burrell donkin > <[EMAIL PROTECTED]> wrote: > > On 15 Jul 2004, at 20:51, Stefan Bodewig wrote: > > > > <snip> > > > > > BTW, I just now realized that we have a couple of releases that are > > > neither PGP signed nor accompanied by MD5 hashes, this should be > > > strongly discouraged IMHO. In particular since Ant supports > > > generation of MD5 hashes since a few years now - and so does Maven. > > > > +1 > > > > i'm not sure what can be done about it, though. maybe the pmc could > > insist that all new release have sums and signatures. > > > > > Finally I'd move the section about archived builds to the bottom as > > > well. Thinking about it, I should probably mock up a design to show > > > what I mean, will do so next week unless I get shot down before 8-) > > > > > > > cool. > > > > i've been playing around with tables so maybe i'll post up a mock > > somewhere too. > > > > - robert > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > -- > Howard M. Lewis Ship > Independent J2EE / Open-Source Java Consultant > Creator, Jakarta Tapestry > Creator, Jakarta HiveMind > http://howardlewisship.com > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]