incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ted Dunning <ted.dunn...@gmail.com>
Subject Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Date Tue, 14 Oct 2014 03:40:27 GMT
My search was on the key servers, by using pgp.mit.edu.  The issue was that
you, ironically, can't seem to search by key id.



On Mon, Oct 13, 2014 at 11:31 PM, Julian Hyde <jhyde@apache.org> wrote:

> For the record, I did register my key fingerprint at https://id.apache.org
> and my key is present at
> https://people.apache.org/keys/committer/jhyde.asc.
> And it was before the release was made. So, I am surprised that it did not
> show up in a search.
>
> Julian
>
>
> On Oct 13, 2014, at 12:11 PM, Dennis E. Hamilton <dennis.hamilton@acm.org>
> wrote:
>
> I suggest that the release manager and anyone else in the KEYS file should
> have added key fingerprints to their Apache profiles at <
> https://id.apache.org/>.
>
> This will have their PGP keys refreshed regularly under their Apache ID at
> <https://people.apache.org/keys/committer/>.
>
> With regard to an identifiable association of the key, presence in this
> manner connects the PGP key to The Apache ID by demonstration of control
> over the committer's Apache profile.
>
> One can go farther by adding the user-id@apache.org to an User-ID on the
> key.
> Verifying that one has control over that e-mail address (and all User-IDs)
> Is done by registering the public key at the PGP Global Directory service
> at
> <https://keyserver2.pgp.com/vkd/GetWelcomeScreen.event> and completing the
> ceremony specified there.  After the ceremony is completed, you can
> retrieve
> your counter-signed PGP key from that service and synchronize it to a
> public
> PGP key server.  The ASF will pick it up on a future refresh.
>
> Use of the key from the Apache ID list has certain valuable properties.  It
> is
> not fixed, as in the key files in the project and in distributions.  That
> means
> any additional (web-of-trust) certifications of the keys association with a
> committer are updated automatically.  That includes any revocations.
>
>
> -- Dennis E. Hamilton
>    dennis.hamilton@acm.org    +1-206-779-9430
>    https://keybase.io/orcmid  PGP F96E 89FF D456 628A
>    X.509 certs used and requested for signed e-mail
>
>
>
> -----Original Message-----
> From: Justin Mclean [mailto:justin@classsoftware.com]
> Sent: Sunday, October 12, 2014 22:29
> To: general@incubator.apache.org
> Subject: Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
>
> Hi,
>
> First, the signing key is present in SVN, but has not been uploaded to the
> standard key-servers, nor has it been signed by anyone.
>
>
> I found it here:
> https://pgp.mit.edu/pks/lookup?search=Julian+Hyde&op=index
>
> Even if the key is part of a web trust it may not be part of everyone's web
> of trust. I'd see that as a hard requirement to meet.
>
> Thanks,
> Justin
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message