ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benson Margulies <bimargul...@gmail.com>
Subject Re: Keys file...... Was: [VOTE] XmlSchema 2.0.2 Take 3
Date Mon, 09 Apr 2012 15:38:59 GMT
On Mon, Apr 9, 2012 at 10:45 AM, Andreas Veithen
<andreas.veithen@gmail.com> wrote:
> Wouldn't it make more sense then to go a step further and request
> setting up svnpubsub to publish releases via
> https://dist.apache.org/repos/dist/ (and manage the KEYS files in that
> repository as well)?

I don't think that is relevant.

Someone downloading might be suspicious that the owner of a mirror has
tampered, and created a bogus KEYS file while tampering. So, various
global apache.org web pages suggest going to the svn repo for the
actual source code and getting KEYS from there. Nothing pubsub will
help with this.


>
> Andreas
>
> On Mon, Apr 9, 2012 at 16:22, Benson Margulies <bimargulies@gmail.com> wrote:
>> Yes, SVN. One of the validation mechanisms is to get KEYS from svn, to
>> detect tampered-with packages.
>>
>>
>> On Mon, Apr 9, 2012 at 10:21 AM, Daniel Kulp <dkulp@apache.org> wrote:
>>> On Monday, April 09, 2012 04:13:14 PM Andreas Veithen wrote:
>>>> On Mon, Apr 9, 2012 at 15:59, Daniel Kulp <dkulp@apache.org> wrote:
>>>> > On Sunday, April 08, 2012 04:48:27 PM Benson Margulies wrote:
>>>> >> but ... we have no KEYS file in the xmlschema tree.
>>>> >
>>>> > Not in neethi or axiom or others either....
>>>>
>>>> That is not correct. Axiom always had its own KEYS file which was located
>>>> here:
>>>>
>>>> http://www.apache.org/dist/ws/commons/axiom/
>>>>
>>>> Maybe you got confused because for the 1.2.13 release, I removed the
>>>> "commons" part of the URL and I created an empty axiom directory
>>>> already a couple of days ago (I only copied the 1.2.13 distribution
>>>> and the KEYS file to the new location today).
>>>
>>> I think Benson was commenting on KEYS in svn, not the dist area.   I could
>>> be wrong though.  :-)
>>>
>>> Same point though, would it make sense to just have a single KEYS file in :
>>>
>>> http://www.apache.org/dist/ws/
>>>
>>> covering everything?
>>>
>>> (And looking at that list, we probably should remove some of the stuff
>>> there.  Juddi, many of the Axis things, etc...)
>>>
>>>
>>> Dan
>>>
>>>
>>>
>>>>
>>>> > Would anyone object if I just grabbed:
>>>> >
>>>> > https://people.apache.org/keys/group/ws-pmc.asc
>>>> >
>>>> > and used that for the KEYS file?
>>>> >
>>>> > Next question: should I just stick it in the root of webservices or
in
>>>> > each module individually?   Maybe in:
>>>> >
>>>> > http://svn.apache.org/repos/asf/webservices/admin/
>>>> >
>>>> > Thoughts?
>>>> >
>>>> > Dan
>>>
>>> --
>>> Daniel Kulp
>>> dkulp@apache.org - http://dankulp.com/blog
>>> Talend Community Coder - http://coders.talend.com
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
>>> For additional commands, e-mail: dev-help@ws.apache.org
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
>> For additional commands, e-mail: dev-help@ws.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: dev-help@ws.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message