Uploaded image for project: 'Beam'
  1. Beam
  2. BEAM-488

Remove KEYS file

    XMLWordPrintableJSON

Details

    • Task
    • Status: Resolved
    • P2
    • Resolution: Fixed
    • Not applicable
    • 0.2.0-incubating
    • project-management
    • None

    Description

      http://mail-archives.apache.org/mod_mbox/incubator-general/201606.mbox/%3CCAAS6=7hVLcw6060Un7sXxk+WLLh08DFOSWktC0Aam4F=DyE0xA@mail.gmail.com%3E

      > Bundling PGP keys inside a package is worse than worthless – an attacker can
      just bundle spoofed keys with a bogus distro! Keys need to be made available
      from a highly reliable, separate server: Download the main package from a
      mirror, get PGP keys from apache.org, pgp.mit.edu, etc. and verify.
      >
      > The KEYS file within the Beam source tree should be deleted.

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #732

          Activity

            People

              dhalperi Dan Halperin
              dhalperi Dan Halperin
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: