On Fri, 16 Aug 2002, Andreas Hasenack wrote: > Is "striker" going to be signing apache releases from now on? > Previously the tarballs were signed by Cliff Woolley. > 2.0.40 is signed by Sander Striker, and the KEYS file keeps on growing :)
We've been tossing around the idea of using a "role" key to sign releases, but there are some obvious security implications to that which would need to be hashed out in order to protect the key. In the meanwhile, it's signed by whichever of the core developers volunteered to be the Release Manager. For recent releases, that has been Sander Striker and myself. Sander did 2.0.36, I did 2.0.37-2.0.39, and Sander did 2.0.40. I might do 2.0.41, but that's as yet not decided. Anyway, we are trying to address this issue. :) --Cliff
