incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Grobmeier <grobme...@gmail.com>
Subject Re: Correct process for signing keys?
Date Sun, 02 Jun 2013 08:23:54 GMT
Hi Andrew,

here are some basic docs:

http://www.apache.org/dev/release-signing.html
http://www.apache.org/dev/openpgp.html#update

I could not find information on your specific question. At log4php we were
curious recently about the same and decided to go with this:
http://www.apache.org/dist/logging/log4php/KEYS

But we made sure it would match this:
https://people.apache.org/keys/group/logging-pmc.asc

Basically my understanding is the one from people would be fine alone.
There is some danger people would take the KEYS file from a mirror which is
to my knowledge not possible from people.

My 2 cents- hopefully somebody with more knowledge on that matter (infra)
can add a note.

Cheers



On Thu, May 30, 2013 at 10:44 PM, Andrew Phillips <andrewp@apache.org>wrote:

> Hi all
>
> Apologies in advance if this is not the correct audience for this
> question: what is the correct process now for publishing signing keys for
> releases? jclouds currently has a KEYS file [1]; there is another
> (different) file containing keys in the groups list [2] on people.apache,
> and most individual committers *also* have their personal keys
> automatically retrieved via people.apache (e.g. [3]).
>
> In an email thread on this topic Brian (McCallister) indicated that:
>
>  Upon investigation, if release signing keys are published via
>> https://people.apache.org/**keys/ <https://people.apache.org/keys/> then
>> we don't need a KEYS file and should remove it.
>>
>> -Brian
>>
>
> In that case, I'd be grateful if you could give some guidance on what the
> validity of the other approaches (KEYS file published somewhere or group
> KEYS file) is, and what we should do with those files, if anything.
>
> Thanks!
>
>
> Andrew
>
> [1] http://www.apache.org/dist/**incubator/jclouds/KEYS<http://www.apache.org/dist/incubator/jclouds/KEYS>
> [2] https://people.apache.org/**keys/group/jclouds.asc<https://people.apache.org/keys/group/jclouds.asc>
> [3] https://people.apache.org/**keys/committer/andrewp.asc<https://people.apache.org/keys/committer/andrewp.asc>
>
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail: general-unsubscribe@incubator.**apache.org<general-unsubscribe@incubator.apache.org>
> For additional commands, e-mail: general-help@incubator.apache.**org<general-help@incubator.apache.org>
>
>


-- 
http://www.grobmeier.de
https://www.timeandbill.de

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message