On 06/10/2012, at 2:23 AM, Chip Childers <chip.child...@sungard.com> wrote:
> On Fri, Oct 5, 2012 at 12:16 PM, Brett Porter <br...@apache.org> wrote:
>> Hi Alex,
>>
>> On 06/10/2012, at 12:54 AM, Alex Huang <alex.hu...@citrix.com> wrote:
>>
>>> Please follow the test procedure before voting:
>>>
>>> https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+4.0+test+procedure
>>
>> I noticed the instructions rely on importing keys from a key server, after
>> downloading the KEYS file. Wouldn't it be better to import the KEYS file
>> directly instead?
>
> Brett,
>
> I followed the CouchDB test procedure document [1] as the template for
> that verification step. Is it more common to use the KEYS file?

The doc says...

"You will need to import the keys into your local keychain before you can continue. You can do this manually, from the KEYS file. Or, you can import them from a public key server:"

There is more info here: http://www.apache.org/dev/release-signing#public-key-not-found

If you download from a key server, you need to trust it and check the fingerprint matches. Importing the keys file is typically quicker and more trustworthy.

- Brett
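
The fingerprint check discussed in this thread, as an added example that is not part of the original messages or of the CloudStack or CouchDB test procedures: it accepts a signature only when the signer's primary-key fingerprint is one of the keys in the KEYS file, which matters when the local keyring also holds keys fetched from a key server. Treating KEYS as the reference set is an assumption, and the file names, function names and sample fingerprints are constructed.

```shell
#!/bin/sh
# Added example; file names in the next two comments are placeholders.
#   gpg --show-keys --with-colons KEYS > keys.col
#   gpg --status-fd 1 --verify release.tar.gz.asc release.tar.gz > status.txt

# Primary-key fingerprints in a colon listing: the "fpr" record (field 10)
# that follows each "pub" record. Subkey fingerprints are skipped.
keys_fingerprints() {
    awk -F: '$1 == "pub" { p = 1; next }
             $1 == "sub" { p = 0 }
             $1 == "fpr" && p { print $10; p = 0 }' "$1"
}

# Signer's primary-key fingerprint: last field of the VALIDSIG status line.
signer_fingerprint() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $NF; exit }' "$1"
}

# Succeeds (and prints the fingerprint) only if a valid signature was made
# by a key whose primary fingerprint appears in the KEYS listing.
signed_by_keys_file() {   # usage: signed_by_keys_file status.txt keys.col
    signer=$(signer_fingerprint "$1")
    [ -n "$signer" ] || { echo "no valid signature" >&2; return 1; }
    keys_fingerprints "$2" | grep -qxF "$signer" ||
        { echo "signer $signer is not in KEYS" >&2; return 1; }
    echo "$signer"
}

# Constructed sample data (fingerprints are made up).
demo_dir=$(mktemp -d)
P=1111111111111111111111111111111111111111   # primary key listed in KEYS
S=2222222222222222222222222222222222222222   # its signing subkey
X=3333333333333333333333333333333333333333   # key present only in the local keyring
printf '%s\n' "pub:-:4096:1:1111111111111111:1349395200:::-:::scESC:" \
    "fpr:::::::::$P:" "uid:-::::1349395200::::Constructed RM <rm@example.org>:" \
    "sub:-:4096:1:2222222222222222:1349395200::::::s:" "fpr:::::::::$S:" \
    > "$demo_dir/keys.col"
printf '%s\n' "[GNUPG:] NEWSIG" \
    "[GNUPG:] VALIDSIG $S 2012-10-05 1349395200 0 4 0 1 8 00 $P" > "$demo_dir/good.status"
printf '%s\n' "[GNUPG:] VALIDSIG $X 2012-10-05 1349395200 0 4 0 1 8 00 $X" \
    > "$demo_dir/other.status"
signed_by_keys_file "$demo_dir/good.status" "$demo_dir/keys.col"
signed_by_keys_file "$demo_dir/other.status" "$demo_dir/keys.col" || echo "rejected"
```

The first sample is signed with a subkey, so the match is made on the primary-key fingerprint at the end of the VALIDSIG line rather than on the signing key's own fingerprint.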