[Fwd: Getting all projects to sign releases - Forrest, Xindice]

[Juan Jose Pablos <ch...@che-che.com>]

Is there any info in how to sign a release?
Do we need only to provide a pgp KEY?

Cheers,
Cheche

Re: [Fwd: Getting all projects to sign releases - Forrest, Xindice]

[Tetsuya Kitahata <te...@apache.org>]

cf.
http://nagoya.apache.org/wiki/apachewiki.cgi?ReleaseManager
http://jakarta.apache.org/site/convert-to-mirror.html
http://www.apache.org/dev/mirrors.html
http://cvs.apache.org/~bodewig/mirror.html

__ Tetsuya <te...@apache.org> __

On Sat, 13 Sep 2003 03:44:25 +0200
(Subject: [Fwd: Getting all projects to sign releases - Forrest, Xindice])
Juan Jose Pablos <ch...@che-che.com> wrote:

> Is there any info in how to sign a release?
> Do we need only to provide a pgp KEY?
> 
> Cheers,
> Cheche

-----------------------------------------------------------
Tetsuya Kitahata --  Terra-International, Inc.
E-mail: tetsuya@apache.org  http://www.terra-intl.com/
(Accredited Herrmann Brain Dominance Instrument Facilitator)
http://www.hbdi.com/

RE: [Fwd: Getting all projects to sign releases - Forrest, Xindice]

[Johan Kok <jk...@messianic.dyndns.org>]

CheChe,

An MD5 key would be much better. The purpose of the signature is to be
irreversable (PGP does not suffice). The basic purpose is that if you
receive a document, generate a key, that generated key should match the one
you receive to prove that the document you received is intact, i.e. exactly
the same as the one the original key was generated with.

Johan

> -----Original Message-----
> From: Juan Jose Pablos [mailto:cheche@che-che.com]
> Sent: 13 September 2003 03:44
> To: forrest-dev@xml.apache.org
> Subject: [Fwd: Getting all projects to sign releases -
> Forrest, Xindice]
>
>
> Is there any info in how to sign a release?
> Do we need only to provide a pgp KEY?
>
> Cheers,
> Cheche
>