Martin left off some context that might confuse some list readers. I had inquired about how to sign the pre-release tarball. I signed 2.5.6pre1 with my personal key, but Martin suggested there be a team key.
On Thu, Jan 16, 2003 at 10:42:53AM +1100, Martin Pool wrote: > [replied to list] > > There was a discussion about this on the Samba list a while ago > > http://lists.samba.org/pipermail/samba-technical/2002-November/040931.html > > Briefly > > We should create a team signing key, with an lifetime of about a > year. It has to be relatively short to allow for turnover in the > people who have access to the key. > > The signing key must only be stored on secure machines, certainly > *not* on samba.org. (If it was on samba.org, somebody who > compromised that machine could also generate new signatures and it > would be pointless.) > > The key should be signed by team members and other relevant people; > we should also sign each others' keys. > > The key should be on the keyservers and on the web site. > > Unless you've already done so I'll create the key and send the private > half to you and the public half to the website, keyservers, and list. I have not done so, and if you're willing to set that up please go ahead. A web page describing how to use the signature, like what you were talking about on the samba list, would be great. - Dave -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.tuxedo.org/~esr/faqs/smart-questions.html