On Thu, Oct 11, 2012 at 10:57 AM, Noah Slater <[email protected]> wrote: > Which is why we link to the .md5, .sha, .asc, and KEYS files on our severs. > Unless you're assuming a MITM along the request/response path to apache.org, > in which case all bets are off anyway. No?
Which is why I have my release vote messages include the .asc files in the actual vote. This way people can verify that the vote that is being carried out is done on the right artifacts including the correct .asc files. Perhaps I need to include the .asc contents in the release announcements as well (though that might be overkill). Martijn --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
