| From: | Neil Conway <neilc(at)samurai(dot)com> |
|---|---|
| To: | "Marc G(dot) Fournier" <scrappy(at)hub(dot)org> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: PGP signing releases |
| Date: | 2003-02-03 16:51:15 |
| Message-ID: | 1044291075.25210.933.camel@tokyo |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sun, 2003-02-02 at 21:23, Marc G. Fournier wrote:
> well, if you want to tell me the steps, I'll consider it ...
I certainly wouldn't consider myself to be an expert in PGP, but my
understanding of the basic steps is:
(1) Generate a public/private key pair for the PGDG team. This should be
used to sign all "official" packages.
(2) Have this PK signed by various people who can actually verify that
Marc Fournier == 'that PGP key' == 'PGDG member'.
(2) Upload the public key to PGP keyservers, like keyserver.net,
www.pgp.net, etc. as well as provide a copy of the public key on
www.postgresql.org and ftp.postgresql.org
(3) Sign official releases using the PGDG private key, and provide the
signatures on www.postgresql.org along with the packages themselves.
If someone more experienced in the use of PGP would like to comment,
please go ahead.
Cheers,
Neil
--
Neil Conway <neilc(at)samurai(dot)com> || PGP Key ID: DB3C29FC
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Merlin Moncure | 2003-02-03 16:51:20 | Win32 Technical Questions |
| Previous Message | Marc G. Fournier | 2003-02-03 16:38:37 | v7.3.2 Tag'd and Bundle'd ... |