On Tue, 15 Jan 2013, Gary Martin wrote:
> I don't know if there is a plan to make this even less work but I think we
> could probably keep the KEYS file up to date by:
>
> wget -O KEYS https://people.apache.org/keys/group/bloodhound.asc
>
> and committing any changes.
>
> Does anyone know more about all this though?
There has been some discussions about this in the last few weeks (most on
the infrastructure list, if memory serves). As long as everyone has their
current key in LDAP, then that's a good way to keep the list current.
However, the KEYs file should generally also contain the list of past keys
too, so people can use it to verify old releases too. To that end, you
probably want to use the LDAP generated keys file to append to your keys
list, not replace it, so the old keys remain there too. It's a few more
steps than just a wget+commit, but not many!
Nick
|