Justin, could you *please* find a better way to say what you were (rightly) trying to convey about the keys file, below?
It's a little absurd to try to have folks chasing us down for sigs at home. Don't we all get enough oddball private inquiries? A much more rational approach would be a resource of 'HTTPD developer meets', a web page where we could *announce* our presence and the opportunity for the users to come to us? (A.C., LinuxWorld, et al?) As an RM to one who hasn't RM'ed, you are a bit out of line putting this on each and every RM. I do get very infrequent requests to verify my key, and have the means to do so. It doesn't belong in the KEYS file to put ideas in their heads, however, or I will have to quit doing so even for the ultra paranoid, educated users who deserve the courtesy ;-) Bill At 01:38 PM 2/17/2003, [EMAIL PROTECTED] wrote >jerenkrantz 2003/02/17 11:38:57 > > Modified: . KEYS > Log: > Oh, wordsmith away. We don't bite, but let's not tell anyone that. > > Revision Changes Path > 1.34 +24 -2 httpd-dist/KEYS > > Index: KEYS > +Please realize that this file itself or the public key servers may be > +compromised. You are encouraged to validate the authenticity of these keys in > +an out-of-band manner. A good start would be face-to-face communication with > +multiple photo identification confirmations. Each contributor has their > +location information available at http://httpd.apache.org/contributors/. > + > +Since the developers are usually quite busy, you may not immediately find > +success in someone who is willing to meet face-to-face (they may not even > +respond to your emails because they are so busy!). If you do not have a > +developer nearby or have trouble locating a suitable person, please send an > +email to the release manager of the release you are attempting to verify. They > +may be able to find someone who will be willing to verify their key in a less > +secure manner (over the phone perhaps).
