directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel L├ęcharny <elecha...@gmail.com>
Subject Re: [VOTE] Release Apache Mavibot 1.0.0-M8
Date Mon, 10 Aug 2015 06:43:39 GMT
My +1.


I do agree that a 4096 keys is better for releases, although the current
requirement is "Committers with a DSA key or an RSA key of length *less
than* 2048 bits should generate a new key for signing releases" .

Kiran's ky is 2048 bits long, whihc is strictly speaking, the bare
minimum to cut a release. I suspect this will not hold for ever, it's
probably a good move to generate this 4096 bits long key before the next
release.


Packages and tag checked, signature checked.

Note that the sign.sh script is not part of the release, and it's hust a
tool that is provided to release managers, for convenience. Also note
that the XXX.asc files get signed too, which is unnecessary : tis is a
by-product of the release+sign.sh script. I usually remove them before
pushing the package son people.a.o...

Thanks Kiran !


Mime
View raw message