incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marvin Humphrey <mar...@rectangular.com>
Subject KEYS files within source archives
Date Mon, 23 Sep 2013 20:57:33 GMT
> On Wed, Sep 18, 2013 at 8:25 PM, Dave Brondsema <dave@brondsema.net> wrote:
>
>> Do you have a KEYS file posted somewhere besides within the release?

Thanks for a good spot and thoughtful observation, Dave.  This is worth
discussing.

MHO: supplying a KEYS file within the source archive is worthless at best.

On Wed, Sep 18, 2013 at 9:50 PM, Ted Dunning <ted.dunning@gmail.com> wrote:
> It is in version control as per custom.  Drill uses git so it might not be
> quite as obvious if you are used to SVN.
>
> See, for instance,
>
> https://git-wip-us.apache.org/repos/asf?p=incubator-drill.git;a=blob;f=KEYS;h=205469b84b8bda60fcb87486182d4fb7caf0485d;hb=HEAD

There may be precedent but it seems to me that including a KEYS file within
a source archive shouldn't be considered a best practice.  (For the record,
so long as the KEYS file is available from somewhere else safe, I don't think
the issue blocks Drill's release candidate.)

Now that changes to our distribution area are captured via version control
(dist.apache.org), is there any reason to maintain KEYS in the master branch
any more?

There was talk a while back of transitioning to an LDAP-centric key scheme,
but there are flaws with that approach: former RMs who leave the community
suddenly causing the key needed for an old release to become unavailable, etc.

Marvin Humphrey

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message