You are viewing a plain text version of this content. The canonical link for it is here.

Posted to apreq-dev@httpd.apache.org by Joe Schaefer <jo...@sunstarsys.com> on 2003/06/13 10:48:58 UTC

KEYS file

For future releases of apreq, we should adopt the
policies of our parent project (httpd) and use
gpg/pgp to sign all httpd-apreq* releases.

I've drafted a KEYS file that should ultimately
be located at http://www.apache.org/dist/httpd/libapreq/KEYS,
but before placing it there I'd like to give folks a 
chance to comment.  It is currently available at

  http//httpd.apache.org/~joes/KEYS

and is virtually identical to httpd's KEYS file.

More signatures would be nice, but I'm not
sure how to solicit them from folks without 
compromising security.  I'm planning to just
make the KEYS file writable by anyone in the httpd
(Unix) group, so other apreq committers will need
to log into the server and add their own key to the
file.

-- 
Joe Schaefer

Re: KEYS file

Posted by Joe Schaefer <jo...@sunstarsys.com>.

Joe Schaefer <jo...@sunstarsys.com> writes:

> For future releases of apreq, we should adopt the
> policies of our parent project (httpd) and use
> gpg/pgp to sign all httpd-apreq* releases.
> 
> I've drafted a KEYS file that should ultimately
> be located at http://www.apache.org/dist/httpd/libapreq/KEYS,
> but before placing it there I'd like to give folks a 
> chance to comment.

I'll hold off on making a KEYS file for libapreq, since 
someone suggested to me (privately) that httpd-apreq Release 
Managers can add their public keys to httpd's KEYS file.

-- 
Joe Schaefer