[replied to list]

There was a discussion about this on the Samba list a while ago

http://lists.samba.org/pipermail/samba-technical/2002-November/040931.html

Briefly:

We should create a team signing key, with a lifetime of about a year. It has to be relatively short to allow for turnover in the people who have access to the key.

The signing key must only be stored on secure machines, certainly *not* on samba.org. (If it was on samba.org, somebody who compromised that machine could also generate new signatures and it would be pointless.)

The key should be signed by team members and other relevant people; we should also sign each other's keys.

The key should be on the keyservers and on the web site.

Unless you've already done so, I'll create the key and send the private half to you and the public half to the website, keyservers, and list.

--
Martin