commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Torsten Curdt <>
Subject Re: [all] releases
Date Wed, 23 Apr 2008 14:50:38 GMT
> How would that work logistically?  I publish RC
> artifacts, and once they're voted on, you sign the
> same artifacts that presumably you personally
> reviewed?  Doesn't that necessarily force us -not- to
> use the full mvn process?

Indeed - that's would mean not using the gpg maven plugin

>> Let's get him signed :)
> I have seen mentioned the idea of getting a signing
> done without a F2F.

Why? Where are you located? Antarctica? ;-)

>  If anyone has ideas on how to
> make this secure, I'm all ears.  Otherwise, how many
> signatures are needed?  Or does it just depend on how
> strongly trusted (how many signatures IT has)  a given
> signature is?

I'd think a signature from just a few apache folks would do.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message