cassandra-commits mailing list archives

From "Sylvain Lebresne (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-12239) Add mshuler's key FE4B2BDA to dist/cassandra/KEYS
Date Wed, 20 Jul 2016 09:04:20 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-12239?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15385574#comment-15385574 ]

Sylvain Lebresne commented on CASSANDRA-12239:
----------------------------------------------

While we're talking about that, I've always felt like this was weird to sign the packages
with personal keys, since people doing releases change and that means users have to regularly
add new keys, and I wonder how "safe" that ends up being.

I wonder how feasible it would be to create one key for Cassandra that any committer could
use and that wouldn't change all the time? Probably would have to check with INFRA for how
other projects do it, assuming anyone else does Debian packages.

I'm also not entirely sure why we use that {{KEYS}} file which as far as I can tell is mostly
a list of debian devs (except for us that is). 

> Add mshuler's key FE4B2BDA to dist/cassandra/KEYS
> -------------------------------------------------
>
>                 Key: CASSANDRA-12239
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-12239
>             Project: Cassandra
>          Issue Type: Task
>          Components: Packaging
>            Reporter: Michael Shuler
>            Assignee: Michael Shuler
>             Fix For: 3.x
>
>         Attachments: KEYS+mshuler.diff.txt
>
>
> I've started working on packaging with the 3.8 release and signed the staging artifacts
> with FE4B2BDA. This key will need to be added for the debian repository signature to function
> correctly, if it's released as-is, or perhaps [~tjake] will need to re-sign the release. Users
> will need to also fetch this new key and add to {{apt-key}}.
> {{KEYS}} patch attached.
> Assigned to myself, but I am not sure exactly where {{KEYS}} lives - in svn somewhere
> or a direct upload? :)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
