db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bernt M. Johnsen" <Bernt.John...@Sun.COM>
Subject Re: up to signing but...
Date Sun, 17 Jun 2007 19:03:28 GMT
>>>>>>>>>>>> Myrna van Lunteren wrote (2007-06-17 11:57:35):
> On 6/17/07, Bernt M. Johnsen <Bernt.Johnsen@sun.com> wrote:
> >>>>>>>>>>>>> Myrna van Lunteren wrote (2007-06-17
> >> I am embarrassed to say, it appears I've misremembered my passphrase.
> >>
> >> Any suggestions on how to proceed?
> >
> >If you've lost your PGP passphrase, I think there's very little that
> >can be done except to generate a new key (I don't think you can revoke
> >the old key either, unless you generated a revocation certificate when
> >you generated the key).
> >
> >I also noticed that your key was not signed by anyone excpet yourself:
> >
> >bernt@barbar:~$ gpg -kvv myrna
> >gpg: using classic trust model
> >pub   1024D/44236C9F 2007-04-25
> >uid                  Myrna van Lunteren <m.v.lunteren@gmail.com>
> >sig 3        44236C9F 2007-04-25  Myrna van Lunteren 
> ><m.v.lunteren@gmail.com>
> >sub   2048g/A0D97033 2007-04-25
> >sig          44236C9F 2007-04-25  Myrna van Lunteren 
> ><m.v.lunteren@gmail.com>
> >
> >
> >I think I remember that it says somewhere that you need to get your
> >key signed by some other (at least one) person in the "apache web of
> >trust" before you sign an apache release with your key.
> >
> >
> >Bernt
> >
> Thx Bernt for replying...I am certain I went through a little exercise
> with Andrew where he was siging my key - at least I think that was the
> purpose.
> Apparently that went wrong.
> I have already made a new key, not uploaded yet, my questions are:
> - does that key need to be in the KEYS of the version you're trying to 
> build?

If it's not going to be an official release, it should not be
necessary for the new key to be in the KEYS file, for an official
release, it would have to be there.

> - or, if we're assuming this is not a final build (which is what I've
> been saying the last couple of days) can I put it out on the web for
> testing without it being signed?

As long it's not an official release, I would say that's ok.

> I'm now going ahead assuming this doesn't need to be signed yet if
> it's not an official release.

That's fine with me.
> Myrna

Bernt Marius Johnsen, Database Technology Group, 
Staff Engineer, Technical Lead Derby/Java DB
Sun Microsystems, Trondheim, Norway

View raw message