corinthia-dev mailing list archives

From "Dennis E. Hamilton" <>
Subject RE: [DISCUSS][PRE-VOTE] Release candidate 0.1
Date Tue, 18 Aug 2015 21:04:49 GMT
I did some digging into the release and release-review procedures and I noticed that one practice
is to place a KEYS file in the same folder as the release candidates (and then the release
folder) on the Apache site where the candidates are stored.  This would include at least the
public key that can be used to verify the .asc digital signature on the RC.

I think that can be done now, even with [VOTE]ing in progress, because it is not about the
substance of the [VOTE].

 - Dennis

-----Original Message-----
From: Dennis E. Hamilton [] 
Sent: Friday, August 14, 2015 11:12
Subject: RE: [DISCUSS][PRE-VOTE] Release candidate 0.1

I'm sorry that my question was unclear.  It was not that I didn't know how to find Jan's public
key.  My question is how any third party could determine who the release manager is and how
to find an authentic version of that committer's public key for verifying the signature on
an alleged release (candidate).

I know how to find that public key, although apparently it does not correspond to the private
key that was used [;<).

 - Dennis

-----Original Message-----
From: Peter Kelly [] 
Sent: Friday, August 14, 2015 10:22
Subject: Re: [DISCUSS][PRE-VOTE] Release candidate 0.1

> On 14 Aug 2015, at 11:23 pm, Dennis E. Hamilton <> wrote:
> Please provide an authoritative ASF location of the public key to use for checking the
> signature.  It would be something like a continuously verified key on this list: <>.

Dr Peter M. Kelly

PGP key: <>
(fingerprint 5435 6718 59F0 DD1F BFA0 5E46 2523 BAA1 44AE 2966)
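
The check this thread is asking for, as an added example that is not part of the original messages or of the Corinthia project: a valid signature only counts when the signing key's fingerprint is one published in the KEYS file. The function names, fingerprints, key IDs and status lines are constructed for illustration; the status-line layout is the one GnuPG emits with `--status-fd`.

```python
# Added example; all fingerprints, key IDs and status lines are constructed.
# Status-line layout follows GnuPG's doc/DETAILS (gpg --status-fd).

def normalize(fpr):
    """Strip spaces from a human-formatted fingerprint and upper-case it."""
    return "".join(fpr.split()).upper()

def check_release_signature(status_text, keys_fingerprints):
    """Classify `gpg --status-fd 1 --verify` output against the KEYS file.

    Returns "ok", "key-not-in-keys", "no-pubkey", "bad-signature" or "no-signature".
    """
    trusted = {normalize(f) for f in keys_fingerprints}
    signers = []
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue  # ignore human-readable output; only status lines count
        tag, args = fields[1], fields[2:]
        if tag == "BADSIG":
            return "bad-signature"   # artifact or .asc does not match
        if tag == "NO_PUBKEY":
            return "no-pubkey"       # signing key is absent from the keyring
        if tag == "VALIDSIG" and args:
            # args[0]: signing (sub)key fingerprint; args[9]: primary key fingerprint
            primary = args[9] if len(args) >= 10 else args[0]
            signers.append({normalize(args[0]), normalize(primary)})
    if not signers:
        return "no-signature"
    # A cryptographically valid signature counts only if its key is published.
    return "ok" if all(s & trusted for s in signers) else "key-not-in-keys"

RM_FPR = "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"  # constructed
OTHER_FPR = "FEDCBA9876543210FEDCBA9876543210FEDCBA98"          # constructed

def sample_status(fpr):
    """Constructed status output for a valid signature made by key `fpr`."""
    f = normalize(fpr)
    return ("[GNUPG:] NEWSIG\n"
            f"[GNUPG:] GOODSIG {f[-16:]} Release Manager <rm@example.org>\n"
            f"[GNUPG:] VALIDSIG {f} 2015-08-14 1439547000 0 4 0 1 8 00 {f}\n")

# Constructed output for a signature whose key is not in the keyring at all.
MISSING = ("[GNUPG:] ERRSIG 76543210FEDCBA98 1 8 00 1439547000 9\n"
           "[GNUPG:] NO_PUBKEY 76543210FEDCBA98\n")

if __name__ == "__main__":
    print(check_release_signature(sample_status(RM_FPR), [RM_FPR]))
    print(check_release_signature(sample_status(OTHER_FPR), [RM_FPR]))
    print(check_release_signature(MISSING, [RM_FPR]))
```

The "key-not-in-keys" result covers the situation raised in the thread, where a signature verifies against some key but not the one a third party would find published for the release.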
