On Sun, 2003-02-02 at 21:23, Marc G. Fournier wrote: > well, if you want to tell me the steps, I'll consider it ...
I certainly wouldn't consider myself to be an expert in PGP, but my understanding of the basic steps is: (1) Generate a public/private key pair for the PGDG team. This should be used to sign all "official" packages. (2) Have this PK signed by various people who can actually verify that Marc Fournier == 'that PGP key' == 'PGDG member'. (2) Upload the public key to PGP keyservers, like keyserver.net, www.pgp.net, etc. as well as provide a copy of the public key on www.postgresql.org and ftp.postgresql.org (3) Sign official releases using the PGDG private key, and provide the signatures on www.postgresql.org along with the packages themselves. If someone more experienced in the use of PGP would like to comment, please go ahead. Cheers, Neil -- Neil Conway <[EMAIL PROTECTED]> || PGP Key ID: DB3C29FC ---------------------------(end of broadcast)--------------------------- TIP 6: Have you searched our list archives? http://archives.postgresql.org
