there's a link on the old (?) wiki site .. http://nagoya.apache.org/wiki/apachewiki.cgi?SigningReleases
cheers, andy > -----Original Message----- > From: Mark R. Diggory [mailto:[EMAIL PROTECTED] > Sent: Tuesday, January 20, 2004 4:27 PM > To: Henk P. Penning; Apache Infrastructure; Jakarta General List > Subject: PGP Key signing > > > > > I'm finishing up writing a PGP plugin for maven to generate > public/private keypairs, sign artifacts, verify artifacts and do > encryption/decryption. This should eventually make publishing to the > maven repository very smooth and easy to accomplish. > > > I would like to gather together the following into some PGP/MD5 FAQ > documentation for the Apache site: > > 1.) Proper procedures for generating and publishing PGP keys > for use at > Apache. > > Answer simple questions like; > where to place your public keys. > where not to place your private keys. > > > 2.) How to go about key signing to build up the web of trust > at Apache. > When I was browsing Henk's page I noticed the web of trust stuff: > http://www.apache.org/~henkp/trust/apache.html http://apache.org/~erikabele/wot/wot.html http://www.apache.org/~henkp/md5/doc.html http://www.apache.org/~henkp/sig/ 3.) As much other interesting errata as possible concerning PGP signatures and MD5 checksums. If you have any more interesting links, important documentation, etc, or come across anything. I'd like to start building them up into a canonical source on this stuff. thanks, Mark -- Mark Diggory Software Developer Harvard MIT Data Center http://www.hmdc.harvard.edu --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
