On 21 Nov 2013, at 8:15, Stefan Bodewig wrote: > On 2013-11-21, Christian Grobmeier wrote: > >> +1 > >> checked formalities, but didn't interpret the content b/c lack of >> windows :-) > > thanks. > >> One no blocker which I just saw: the KEYS file is included in the >> dist. Shouldn't it be left out? > > I think we've always done it that way in log4net and I know Ant has been > doing so since 2000 - what's wrong with it?
when somebody downloads it and opens the zip, it is tempting to validate the package against the included KEYS file. But if somebody could manipulate the content of the package, he also could manipulate the KEYS file. For that reason the KEYS file should be on a different location. This is the case, that's why I meant it's not critical. It is on the other hand tempting to take the included oneā¦ nitpickery! Thanks for pushing out the release! > Stefan --- http://www.grobmeier.de @grobmeier GPG: 0xA5CC90DB
