Re: PGP signing releases

From: Neil Conway <neilc(at)samurai(dot)com>
To: "Marc G(dot) Fournier" <scrappy(at)hub(dot)org>
Cc: PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: PGP signing releases
Date: 2003-02-03 16:51:15
Message-ID: 1044291075.25210.933.camel@tokyo
Lists: pgsql-hackers

On Sun, 2003-02-02 at 21:23, Marc G. Fournier wrote:
> well, if you want to tell me the steps, I'll consider it ...

I certainly wouldn't consider myself to be an expert in PGP, but my
understanding of the basic steps is:

(1) Generate a public/private key pair for the PGDG team. This should be
used to sign all "official" packages.

(2) Have this PK signed by various people who can actually verify that
Marc Fournier == 'that PGP key' == 'PGDG member'.

(2) Upload the public key to PGP keyservers, like keyserver.net,
www.pgp.net, etc. as well as provide a copy of the public key on
www.postgresql.org and ftp.postgresql.org

(3) Sign official releases using the PGDG private key, and provide the
signatures on www.postgresql.org along with the packages themselves.

If someone more experienced in the use of PGP would like to comment,
please go ahead.

Cheers,

Neil
--
Neil Conway <neilc(at)samurai(dot)com> || PGP Key ID: DB3C29FC
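
The steps listed in the message above, as an added example that is not part of the original message or of the PostgreSQL project's release process: a sketch using modern GnuPG (2.1 or later is assumed) with a throwaway key in temporary keyrings. The user ID, file names and file contents are constructed; having the key signed by other people and uploading it to keyservers are not shown.

```sh
#!/bin/sh
# Added example: release signing with a throwaway key in temporary keyrings.
# The user ID, file names and file contents below are constructed for the demo.
DEMO_UID="Demo Release Key <release@example.org>"

# Step (1) plus publishing: create a signing key, export only the public half.
make_release_key() {   # $1 = maintainer homedir, $2 = public key output file
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$DEMO_UID" ed25519 sign never 2>/dev/null &&
    gpg --homedir "$1" --batch --armor --export "$DEMO_UID" > "$2"
}

# Step (3): write a detached, ASCII-armored signature next to the package.
sign_release() {       # $1 = maintainer homedir, $2 = file to sign
    gpg --homedir "$1" --batch --yes --quiet --pinentry-mode loopback \
        --passphrase '' --local-user "$DEMO_UID" \
        --armor --detach-sign --output "$2.asc" "$2"
}

# Downloader side: a separate keyring that holds only the published key.
# Exit status 0 means the file matches the signature made by that key; whether
# the key really belongs to the project is what the key-signing step addresses.
verify_release() {     # $1 = user homedir, $2 = public key file, $3 = package
    gpg --homedir "$1" --batch --quiet --import "$2" 2>/dev/null &&
    gpg --homedir "$1" --batch --verify "$3.asc" "$3" 2>/dev/null
}

demo() {
    work=$(mktemp -d) || return 1
    mkdir -m 700 "$work/maint" "$work/user"
    printf 'constructed release contents\n' > "$work/pkg.tar.gz"
    make_release_key "$work/maint" "$work/pubkey.asc" || return 1
    sign_release "$work/maint" "$work/pkg.tar.gz" || return 1
    verify_release "$work/user" "$work/pubkey.asc" "$work/pkg.tar.gz" &&
        echo "original package: signature verifies"
    printf 'x' >> "$work/pkg.tar.gz"     # simulate a modified download
    verify_release "$work/user" "$work/pubkey.asc" "$work/pkg.tar.gz" ||
        echo "modified package: verification fails"
    for d in maint user; do gpgconf --homedir "$work/$d" --kill all 2>/dev/null; done
    rm -rf "$work"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run the script with `--demo` to see both outcomes. A real release key would be passphrase-protected and kept off the download servers.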
