> > do I simply make for myself an ad hoc key and stick it in a file?
> > Do we have a KEY file already, with keys for previous Release Managers?
> I don't believe it has ever been done for James.
> It is however highly recommended.
> The real danger was that someone would add trojon horse to builds
And that danger increases with the push to use mirrors for downloading.
I went ahead and used GnuPG, created a new key for signing, prepared a KEYS
file, signed the distribution files following the instuctions on the GnuPG
site, and uploaded the KEYS and digital signatures to the download
directories. Also setup a HEADER.html and README.html.
I did not use the same key that I use for SSH. The key I generated is
unique to file signing.
I'll update KEYS, HEADER.html and README.html files into the CVS.
--- Noel
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
