incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Phillips <andr...@apache.org>
Subject Correct process for signing keys?
Date Thu, 30 May 2013 20:44:48 GMT
Hi all

Apologies in advance if this is not the correct audience for this  
question: what is the correct process now for publishing signing keys  
for releases? jclouds currently has a KEYS file [1]; there is another  
(different) file containing keys in the groups list [2] on  
people.apache, and most individual committers *also* have their  
personal keys automatically retrieved via people.apache (e.g. [3]).

In an email thread on this topic Brian (McCallister) indicated that:

> Upon investigation, if release signing keys are published via  
> https://people.apache.org/keys/ then we don't need a KEYS file and  
> should remove it.
>
> -Brian

In that case, I'd be grateful if you could give some guidance on what  
the validity of the other approaches (KEYS file published somewhere or  
group KEYS file) is, and what we should do with those files, if  
anything.

Thanks!


Andrew

[1] http://www.apache.org/dist/incubator/jclouds/KEYS
[2] https://people.apache.org/keys/group/jclouds.asc
[3] https://people.apache.org/keys/committer/andrewp.asc

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message