incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bertrand Delacretaz" <bdelacre...@apache.org>
Subject Re: Some help with Lucene.Net release
Date Sat, 17 Mar 2007 18:28:48 GMT
On 3/17/07, George Aroush <george@aroush.net> wrote:

>... I generated the MD5 and SHA file based on:
> http://www.apache.org/dev/release-signing.html#md5 using the commands:
>
>   $ gpg --print-md MD5 [fileName] > [fileName].md5..

I'll let others comment as to whether this is a usually accepted
format. I have the impression that I've always seen keys in the md5 or
md5sum format. i.e. what you'd get running:

  md5sum [fileName] > [fileName].md5

But I don't know if this is a requirement of the ASF.

(the command is sometimes named md5, not md5sum, depending on your platform)

> ...As for your comment about the ASC file, I'm not sure what you mean by "your
> key hasn't been signed by anyone"?  Can you tell me how to fix it if this is
> a problem?..

People doing releases try to have their PGP keys signed by other ASF
people, in order to build a web of trust, see
http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html
for more info, or Henk's pages at
http://people.apache.org/~henkp/trust/

I don't think a key that is not signed by others is a problem w.r.t.
doing releases, but if you can get it signed at some point it's better
IMHO.

-Bertrand

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message