robert burrell donkin wrote:
the lenya download page contains links to ASC and MD5 on the mirrors.
I guess you mean the links here http://lenya.apache.org/#download and here http://lenya.apache.org/docs/1_2_x/installation/index.html
it is *very* important that these links are *not* mirrored and use the originals. this allows users to check that the artifacts they download have not been replaced by trojans.
IIUC the ASC and MD5 should only be served from the Lenya website, right?
it would also be good if the public keys used to sign the releases were uploaded to a public key server.
is there any recommended public key server? I guess it's best if we add this to our release management http://wiki.apache.org/lenya/ProjectReleaseHowTo and that maybe Antonio as our release manager can take care of it. Thanks Michi
- robert
-- Michael Wechner Wyona - Open Source Content Management - Apache Lenya http://www.wyona.com http://lenya.apache.org [EMAIL PROTECTED] [EMAIL PROTECTED] +41 44 272 91 61 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
