[prev in list] [next in list] [prev in thread] [next in thread]
List: struts-dev
Subject: Re: svn commit: r947374 - /struts/maven/trunk/build/KEYS
From: Wes Wannemacher <wesw () wantii ! com>
Date: 2010-05-25 20:23:54
Message-ID: AANLkTim8m9b_ktz99OksnO18-MpqOJA7AvABVZPbnGwr () mail ! gmail ! com
[Download RAW message or body]
On Mon, May 24, 2010 at 3:04 AM, Lukasz Lenart
<lukasz.lenart@googlemail.com> wrote:
> 2010/5/23 Lukasz Lenart <lukasz.lenart@googlemail.com>:
>> 2010/5/23 Martin Cooper <martinc@apache.org>:
>>> If an existing key has ever been used to sign a release, it should not
>>> be removed from the KEYS file. It's still needed to verify those older
>>> releases. New keys should just be added without removing anything that
>>> was there before.
>>
>> I didn't know, I loose my old keys when my laptop was flooded :P
>> I will merge with the previous version.
>
> One more question, I never used that key to sign anything (I tried,
> but a Vote was cancelled). In such case maybe it's better to clean up
> the KEYS file?
>
I would say that whether the old key stays out depends on a few
things... For one, you mentioned that you've never used that key to
sign a release. If you can guarantee that, then I don't see the need
to pull it back into the KEYS file (Martin, feel free to disagree, I'd
back down pretty easy). The way I would guarantee is to scp all the
releases from people.a.o (or wget from a mirror) and loop through them
to make sure. Should be trivial, although it might kill your bandwidth
;).
If you can't find anything that you've signed with the keys that no
longer exist, I'd say leave it (for the sake of simplicity). But, I
would also make a backup (I prefer to burn to a CD, then keep them
somewhere safe) of your new private key.
-Wes
--
Wes Wannemacher
Head Engineer, WanTii, Inc.
Need Training? Struts, Spring, Maven, Tomcat...
Ask me for a quote!
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic