[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ant-dev
Subject:    Re: [VOTE] Release Compress Antlib 1.5 based on RC3
From:       Matt Sicker <boards () gmail ! com>
Date:       2017-06-14 16:33:00
Message-ID: CACmp6koRU5V6POfyHrXsMhuqvquc_kd4d60yj7B-c4EwmrghVA () mail ! gmail ! com
[Download RAW message or body]


I generally import each project's KEYS file, and having been to a key
signing party before at ApacheCon, I have a small web of trust to help
verify those signatures. The more people sign each other's keys, the easier
it is to verify.

On 14 June 2017 at 02:59, Jan Matèrne (jhm) <apache@materne.de> wrote:

> My first thought was 'I want to have all the stuff inside the distro.'
> That means also the ASC.
> But having the ASC inside the distro means letting the key on the lock ...
>
> So the 2nd thought was: how to verify the download?
> - download
> - hashvalue checksum
> - pgp check
> We could provide a howto file in the distro, but we also could provide a
> build snippet for automating that.
> a) provide the snippet via website and define an Ant property which
> artifact to get
> b) provide the snippet inside the distro and will only do the two checks
> (getting the checksums directly from the ASF server)
>
>
> Jan
>
>
> > -----Ursprüngliche Nachricht-----
> > Von: Stefan Bodewig [mailto:bodewig@apache.org]
> > Gesendet: Mittwoch, 14. Juni 2017 09:17
> > An: dev@ant.apache.org
> > Betreff: Re: [VOTE] Release Compress Antlib 1.5 based on RC3
> >
> > On 2017-06-13, Jan Matèrne (jhm) wrote:
> >
> > >> Should we include the PGP [e.g. 1] signature in the future?
> >
> > > Answer myself: should be only on ASF server, so people could trust
> > > that ;) Maybe place a note (next time) how to check that (do we have
> > a
> > > build snippet for that?)
> >
> > I'm not exactly sure what you mean.
> >
> > Should I have included the PGP signature of any of the artifacts inside
> > of the vote email?
> >
> > The vote email I've sent may have been a bit terse and I'm happy to
> > improve on it.
> >
> > Stefan
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org For additional
> > commands, e-mail: dev-help@ant.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
> For additional commands, e-mail: dev-help@ant.apache.org
>
>


-- 
Matt Sicker <boards@gmail.com>


[prev in list] [next in list] [prev in thread] [next in thread]