establish a trust relationship (Re: missing signatures)

24 Sep 2003 21:11:29 -0000 

(B# CC: community@ and infra team ml
(B
(BOn Wed, 24 Sep 2003 15:29:33 -0400 (Est (heure d'$BqUq
(B)
(BJoshua Slive <[EMAIL PROTECTED]> wrote:
(B
(B> I personally rarely use pgp to validate downloaded files, but I
(B> disagree with you here.  I believe it is good to provide the pgp
(B> signatures for downloaders.  Most will choose not to use them, but for
(B> those who want to be really sure they are getting something produced
(B> by an ASF member can get a higher degree of trust.  They can do this
(B> by:
(B> 
(B> - Using the KEYS file from a previous, known good distribution.
(B> 
(B> - Checking the KEYS against a key server.
(B> 
(B> - Establishing a trust relationship with the signer personally, or by
(B> telephone.
(B
(BAha. This solved! ;-)
(B
(BAhhh. Now, there are no *ASF members* in Japan (Maybe, this goes for
(Bother Asian countries), so the things can be easily inconsistent.
(B# The only *Japanese-native* fellow (and ASF member) is now in the USA,
(B# I've heard.
(B
(BIn such a situation, we can not build "establish a trust relationship"
(Busing telephone or meeting in private (in japan) with ASF members.
(BAs a result, the "chain of trust" can not be established and as a 
(Bmatter of course, people in apache.org would never know "who is tetsuya"
(Bforever. :-) Also, as a matter of course, high-leveled trust with
(Bcommitters and members would not be able to be established forever.
(B
(B--
(B
(B<OffTopic>
(BIt would be important for us to establish not only
(B"build website"/"build jar files" by using Ant but also
(B"build relationship with each committers/members"
(Bby using more *humane* method. WoW.
(B</OffTopic>
(B
(B--
(B
(BAnyway, Jakarta/XML/WS and related projects have a lot of "Release"s,
(Bhowever, there could be said .. the lack of the chain of trust and
(Black of membership. Inconsistency and self-contradiction.
(B
(B--
(B
(BWoW. It's really nice to know the fact that the ASF have had
(Bsince the 20th century (1999).... good old days.
(BBefore thinking of the "ApacheCON" LOGO campaign, we/you could think
(Bof the "CHAIN OF TRUST" campaign within the apache.org as a whole!!
(B
(B"CHAIN OF TRUST" campaign would bring more prosperity and chain of
(Bhappiness to the ASF and individuals of whom this community is composed.
(B
(BAny ideas?
(B
(BSincerely,
(B
(B__ Tetsuya <[EMAIL PROTECTED]> __
(B
(BP.S. Stephen McConnell <[EMAIL PROTECTED]> wrote:
(B> Has anyone discussed the establishment of an Apache PKI Authority?
(BCan it be explained more? .... interesting.
(B
(B
(B---------------------------------------------------------------------
(BTo unsubscribe, e-mail: [EMAIL PROTECTED]
(BFor additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to