cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Grieve <agri...@chromium.org>
Subject Re: [Vote] cordova-plugin-inappbrowser@0.3.3
Date Thu, 06 Mar 2014 03:42:45 GMT
Just moved SetUpGpg wiki into coho as well since that's very release
process applicable. Problem is just that the github mirrors are not
up-to-date yet. You can see all the docs via apache's gitweb:

https://git-wip-us.apache.org/repos/asf?p=cordova-coho.git;a=blob;f=docs/setting-up-gpg.md

I've tweeted my gpg fingerprint: https://twitter.com/GrieveAndrew. Just as
good as a phone call?

If someone figures out how to use gpg --edit-key to fix up this message,
would be good to paste the commands into setting-up-gpg.md.



On Wed, Mar 5, 2014 at 9:26 PM, Carlos Santana <csantana23@gmail.com> wrote:

> I think I found the information here
> https://www.apache.org/info/verification.html
>
> Based on this *"Some people are satisfied by reading the key signature over
> a telephone (voice verification). "*
>
> Should I give you a call Andrew? :-p
>
> By they way shouldn't the "KEYS" file be located in the download directory
> also? https://dist.apache.org/repos/dist/dev/cordova/iab/
>
>
> --Carlos
>
>
>
> On Wed, Mar 5, 2014 at 9:02 PM, Carlos Santana <csantana23@gmail.com>
> wrote:
>
> > With the new process in place, where is documentation on how to verify
> the
> > signing and key stuff
> >
> > Was not able to find in the repo:
> >
> > https://github.com/apache/cordova-coho/tree/master/docs
> >
> >
> >
> >
> > On Wed, Mar 5, 2014 at 5:01 PM, Ian Clelland <iclelland@chromium.org
> >wrote:
> >
> >> I've seen that before -- it just means that you haven't declared,
> >> explicitly or implicitly, that you trust that the signing key is really
> >> Andrew's.
> >>
> >> The important line should be above that, and should say
> >>
> >> gpg: Good signature from "Andrew Grieve (CODE SIGNING KEY) <
> >> agrieve@apache.org>"
> >>
> >> What you can do right now is run "gpg --fingerprint", and then have
> Andrew
> >> do that same, and verify that they match. Then you can safely ignore the
> >> message :)
> >>
> >> The long term solution is to get Andrew's (and Steven's, and anyone
> >> else's)
> >> public key signed by some Apache folks. Apparently there's a key signing
> >> party at every ApacheCon, so that'll be a good time to do it.
> >>
> >>
> >> --------
> >> Instead of ignoring the message, you can also sign the key with your
> own:
> >>
> >> $ gpg --edit-key agrieve@apache.org
> >> > sign
> >> > save
> >>
> >>
> >>
> >> On Wed, Mar 5, 2014 at 3:19 PM, Michal Mocny <mmocny@chromium.org>
> wrote:
> >>
> >> > +1
> >> >
> >> > However, gpg --verify gives me:
> >> >
> >> > gpg: WARNING: This key is not certified with a trusted signature!
> >> > gpg:          There is no indication that the signature belongs to the
> >> > owner.
> >> >
> >> > I don't recall seeing this before. I had to add your new key to verify
> >> this
> >> > time.
> >> >
> >> > -Michal
> >> >
> >> >
> >> > On Wed, Mar 5, 2014 at 2:45 PM, Andrew Grieve <agrieve@chromium.org>
> >> > wrote:
> >> >
> >> > > Please review and vote on the release of this inappbrowser release.
> >> > >
> >> > > The plugin has been publish here:
> >> > > https://dist.apache.org/repos/dist/dev/cordova/iab/
> >> > >
> >> > > It is the same as the recently published 0.3.2, except with:
> >> > > * CB-6172 Fix broken install on case-sensitive file-systems
> >> > >
> >> > > The packages were published from their corresponding git tags:
> >> > >     cordova-plugin-inappbrowser: 0.3.3 (a5dedae631)
> >> > >
> >> > > Upon a successful vote I will upload the archives to dist/, upload
> >> them
> >> > to
> >> > > the Plugins Registry, and post the corresponding blog post.
> >> > >
> >> > > Voting will go on for a minimum of 20 hours.
> >> > >
> >> > > I vote +1.
> >> > >
> >> >
> >>
> >
> >
> >
> > --
> > Carlos Santana
> > <csantana23@gmail.com>
> >
>
>
>
> --
> Carlos Santana
> <csantana23@gmail.com>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message