I'm finishing up writing a PGP plugin for maven to generate public/private keypairs, sign artifacts, verify artifacts and do encryption/decryption. This should eventually make publishing to the maven repository very smooth and easy to accomplish.
I would like to gather together the following into some PGP/MD5 FAQ documentation for the Apache site:
1.) Proper procedures for generating and publishing PGP keys for use at Apache.
Answer simple questions like; where to place your public keys. where not to place your private keys.
2.) How to go about key signing to build up the web of trust at Apache. When I was browsing Henk's page I noticed the web of trust stuff:
http://www.apache.org/~henkp/trust/apache.html http://apache.org/~erikabele/wot/wot.html http://www.apache.org/~henkp/md5/doc.html http://www.apache.org/~henkp/sig/
3.) As much other interesting errata as possible concerning PGP signatures and MD5 checksums.
If you have any more interesting links, important documentation, etc, or come across anything. I'd like to start building them up into a canonical source on this stuff.
thanks, Mark
-- Mark Diggory Software Developer Harvard MIT Data Center http://www.hmdc.harvard.edu
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
