----- Original Message ----- From: "Charles Wilson" <[EMAIL PROTECTED]> To: "Robert Collins" <[EMAIL PROTECTED]> Sent: Thursday, July 11, 2002 8:40 AM Subject: Re: Maintainers doing it for themselves
> > If the signature doesn't checkout on your 'net release' keyring, then > > it's not a maintainer uploading. > > > > A cron job could scan for new files every <x> minutes. > > > A cron job with access to a keyring? Is that a good idea? Yes. Note: this is not a cron job with access to a private keyring. It's a cron job with access to a collection of gpg public keys, and thats all it needs to validate that the uploaded package is signed by someone. Rob
