On 12/8/06, Chris Hostetter <[EMAIL PROTECTED]> wrote:
...is that really how most apache projects manage keys? .. import a big existing list from some other project and then gradually grow it?
Most I don't know, Cocoon, Forrest and others do it. And the current KEYS.txt is just *my* key (which has some signatures ;-)
...I would have assumed there was some central list of keys for Apache commiters...
Dunno if there's one, usually I'd look for keys at pgp.mit.edu or similar servers. The KEYS.txt file is just a convenience for people to easily find keys of the people who sign releases, not really a "key management tool". My key is probably not needed there as I'm not going to sign releases, so feel free to remove it, I added it as an example. We could also just have the URLs of people's keys in there. -Bertrand
