commons-dev mailing list archives

From Torsten Curdt <tcu...@apache.org>
Subject Re: [all] releases
Date Wed, 23 Apr 2008 14:50:38 GMT
> How would that work logistically?  I publish RC
> artifacts, and once they're voted on, you sign the
> same artifacts that presumably you personally
> reviewed?  Doesn't that necessarily force us -not- to
> use the full mvn process?

Indeed - that would mean not using the gpg maven plugin

>> Let's get him signed :)
>
> I have seen mentioned the idea of getting a signing
> done without a F2F.

Why? Where are you located? Antarctica? ;-)

>  If anyone has ideas on how to
> make this secure, I'm all ears.  Otherwise, how many
> signatures are needed?  Or does it just depend on how
> strongly trusted (how many signatures IT has)  a given
> signature is?

I'd think a signature from just a few apache folks would do.

cheers
--
Torsten

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org

