cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Carlos Santana <csantan...@gmail.com>
Subject Re: [Vote] cordova-plugin-inappbrowser@0.3.3
Date Thu, 06 Mar 2014 02:26:05 GMT
I think I found the information here
https://www.apache.org/info/verification.html

Based on this *"Some people are satisfied by reading the key signature over
a telephone (voice verification). "*

Should I give you a call Andrew? :-p

By they way shouldn't the "KEYS" file be located in the download directory
also? https://dist.apache.org/repos/dist/dev/cordova/iab/


--Carlos



On Wed, Mar 5, 2014 at 9:02 PM, Carlos Santana <csantana23@gmail.com> wrote:

> With the new process in place, where is documentation on how to verify the
> signing and key stuff
>
> Was not able to find in the repo:
>
> https://github.com/apache/cordova-coho/tree/master/docs
>
>
>
>
> On Wed, Mar 5, 2014 at 5:01 PM, Ian Clelland <iclelland@chromium.org>wrote:
>
>> I've seen that before -- it just means that you haven't declared,
>> explicitly or implicitly, that you trust that the signing key is really
>> Andrew's.
>>
>> The important line should be above that, and should say
>>
>> gpg: Good signature from "Andrew Grieve (CODE SIGNING KEY) <
>> agrieve@apache.org>"
>>
>> What you can do right now is run "gpg --fingerprint", and then have Andrew
>> do that same, and verify that they match. Then you can safely ignore the
>> message :)
>>
>> The long term solution is to get Andrew's (and Steven's, and anyone
>> else's)
>> public key signed by some Apache folks. Apparently there's a key signing
>> party at every ApacheCon, so that'll be a good time to do it.
>>
>>
>> --------
>> Instead of ignoring the message, you can also sign the key with your own:
>>
>> $ gpg --edit-key agrieve@apache.org
>> > sign
>> > save
>>
>>
>>
>> On Wed, Mar 5, 2014 at 3:19 PM, Michal Mocny <mmocny@chromium.org> wrote:
>>
>> > +1
>> >
>> > However, gpg --verify gives me:
>> >
>> > gpg: WARNING: This key is not certified with a trusted signature!
>> > gpg:          There is no indication that the signature belongs to the
>> > owner.
>> >
>> > I don't recall seeing this before. I had to add your new key to verify
>> this
>> > time.
>> >
>> > -Michal
>> >
>> >
>> > On Wed, Mar 5, 2014 at 2:45 PM, Andrew Grieve <agrieve@chromium.org>
>> > wrote:
>> >
>> > > Please review and vote on the release of this inappbrowser release.
>> > >
>> > > The plugin has been publish here:
>> > > https://dist.apache.org/repos/dist/dev/cordova/iab/
>> > >
>> > > It is the same as the recently published 0.3.2, except with:
>> > > * CB-6172 Fix broken install on case-sensitive file-systems
>> > >
>> > > The packages were published from their corresponding git tags:
>> > >     cordova-plugin-inappbrowser: 0.3.3 (a5dedae631)
>> > >
>> > > Upon a successful vote I will upload the archives to dist/, upload
>> them
>> > to
>> > > the Plugins Registry, and post the corresponding blog post.
>> > >
>> > > Voting will go on for a minimum of 20 hours.
>> > >
>> > > I vote +1.
>> > >
>> >
>>
>
>
>
> --
> Carlos Santana
> <csantana23@gmail.com>
>



-- 
Carlos Santana
<csantana23@gmail.com>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message