RE: PGP Key signing
there's a link on the old (?) wiki site .. http://nagoya.apache.org/wiki/apachewiki.cgi?SigningReleases cheers, andy > -Original Message- > From: Mark R. Diggory [mailto:[EMAIL PROTECTED] > Sent: Tuesday, January 20, 2004 4:27 PM > To: Henk P. Penning; Apache Infrastructure; Jakarta General List > Subject: PGP Key signing > > > > > I'm finishing up writing a PGP plugin for maven to generate > public/private keypairs, sign artifacts, verify artifacts and do > encryption/decryption. This should eventually make publishing to the > maven repository very smooth and easy to accomplish. > > > I would like to gather together the following into some PGP/MD5 FAQ > documentation for the Apache site: > > 1.) Proper procedures for generating and publishing PGP keys > for use at > Apache. > > Answer simple questions like; > where to place your public keys. > where not to place your private keys. > > > 2.) How to go about key signing to build up the web of trust > at Apache. > When I was browsing Henk's page I noticed the web of trust stuff: > http://www.apache.org/~henkp/trust/apache.html http://apache.org/~erikabele/wot/wot.html http://www.apache.org/~henkp/md5/doc.html http://www.apache.org/~henkp/sig/ 3.) As much other interesting errata as possible concerning PGP signatures and MD5 checksums. If you have any more interesting links, important documentation, etc, or come across anything. I'd like to start building them up into a canonical source on this stuff. thanks, Mark -- Mark Diggory Software Developer Harvard MIT Data Center http://www.hmdc.harvard.edu - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: PGP Key signing
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 El miércoles, 21 ener, 2004, a las 01:26 Europe/Madrid, Mark R. Diggory escribió: I'm finishing up writing a PGP plugin for maven to generate public/private keypairs, sign artifacts, verify artifacts and do encryption/decryption. This should eventually make publishing to the maven repository very smooth and easy to accomplish. I would like to gather together the following into some PGP/MD5 FAQ documentation for the Apache site: 1.) Proper procedures for generating and publishing PGP keys for use at Apache. Answer simple questions like; where to place your public keys. where not to place your private keys. 2.) How to go about key signing to build up the web of trust at Apache. When I was browsing Henk's page I noticed the web of trust stuff: http://www.apache.org/~henkp/trust/apache.html http://apache.org/~erikabele/wot/wot.html http://www.apache.org/~henkp/md5/doc.html http://www.apache.org/~henkp/sig/ There was a keysigning event during the last ApacheCON, and I hope this will be ongoing for future ones. It was very nice, I really enjoyed it. In [EMAIL PROTECTED] there have been interesting discussion on how to sign other Apache people keys, etc. Also, I see no links to the wiki, where there is another bunch of resources already: http://nagoya.apache.org/wiki/apachewiki.cgi?SigningReleases 3.) As much other interesting errata as possible concerning PGP signatures and MD5 checksums. If you have any more interesting links, important documentation, etc, or come across anything. I'd like to start building them up into a canonical source on this stuff. I was looking for pages on the key signing event, but I couldn't found them. I cc: community, where the action took place last time. thanks, Mark -- Mark Diggory Software Developer Harvard MIT Data Center http://www.hmdc.harvard.edu - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (Darwin) iD8DBQFADjo2ZAeG2a2/nhoRAucvAKDnE4uRqxpUCLs2jcdjv/Cjs+C43gCeOvba 14hbeByUB4otofAO/2jl2W4= =K+BP -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
PGP Key signing
I'm finishing up writing a PGP plugin for maven to generate public/private keypairs, sign artifacts, verify artifacts and do encryption/decryption. This should eventually make publishing to the maven repository very smooth and easy to accomplish. I would like to gather together the following into some PGP/MD5 FAQ documentation for the Apache site: 1.) Proper procedures for generating and publishing PGP keys for use at Apache. Answer simple questions like; where to place your public keys. where not to place your private keys. 2.) How to go about key signing to build up the web of trust at Apache. When I was browsing Henk's page I noticed the web of trust stuff: http://www.apache.org/~henkp/trust/apache.html http://apache.org/~erikabele/wot/wot.html http://www.apache.org/~henkp/md5/doc.html http://www.apache.org/~henkp/sig/ 3.) As much other interesting errata as possible concerning PGP signatures and MD5 checksums. If you have any more interesting links, important documentation, etc, or come across anything. I'd like to start building them up into a canonical source on this stuff. thanks, Mark -- Mark Diggory Software Developer Harvard MIT Data Center http://www.hmdc.harvard.edu - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]