incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Date Tue, 14 Oct 2014 11:42:30 GMT
On 14 October 2014 04:40, Ted Dunning <ted.dunning@gmail.com> wrote:
> My search was on the key servers, by using pgp.mit.edu.  The issue was that
> you, ironically, can't seem to search by key id.

You need to prefix the (hex) id with 0x, for example:

http://pgp.mit.edu/pks/lookup?search=0x2AD3FAE3&op=index&fingerprint=on

>
>
> On Mon, Oct 13, 2014 at 11:31 PM, Julian Hyde <jhyde@apache.org> wrote:
>
>> For the record, I did register my key fingerprint at https://id.apache.org
>> and my key is present at
>> https://people.apache.org/keys/committer/jhyde.asc.
>> And it was before the release was made. So, I am surprised that it did not
>> show up in a search.
>>
>> Julian
>>
>>
>> On Oct 13, 2014, at 12:11 PM, Dennis E. Hamilton <dennis.hamilton@acm.org>
>> wrote:
>>
>> I suggest that the release manager and anyone else in the KEYS file should
>> have added key fingerprints to their Apache profiles at <
>> https://id.apache.org/>.
>>
>> This will have their PGP keys refreshed regularly under their Apache ID at
>> <https://people.apache.org/keys/committer/>.
>>
>> With regard to an identifiable association of the key, presence in this
>> manner connects the PGP key to The Apache ID by demonstration of control
>> over the committer's Apache profile.
>>
>> One can go farther by adding the user-id@apache.org to an User-ID on the
>> key.
>> Verifying that one has control over that e-mail address (and all User-IDs)
>> Is done by registering the public key at the PGP Global Directory service
>> at
>> <https://keyserver2.pgp.com/vkd/GetWelcomeScreen.event> and completing the
>> ceremony specified there.  After the ceremony is completed, you can
>> retrieve
>> your counter-signed PGP key from that service and synchronize it to a
>> public
>> PGP key server.  The ASF will pick it up on a future refresh.
>>
>> Use of the key from the Apache ID list has certain valuable properties.  It
>> is
>> not fixed, as in the key files in the project and in distributions.  That
>> means
>> any additional (web-of-trust) certifications of the keys association with a
>> committer are updated automatically.  That includes any revocations.
>>
>>
>> -- Dennis E. Hamilton
>>    dennis.hamilton@acm.org    +1-206-779-9430
>>    https://keybase.io/orcmid  PGP F96E 89FF D456 628A
>>    X.509 certs used and requested for signed e-mail
>>
>>
>>
>> -----Original Message-----
>> From: Justin Mclean [mailto:justin@classsoftware.com]
>> Sent: Sunday, October 12, 2014 22:29
>> To: general@incubator.apache.org
>> Subject: Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
>>
>> Hi,
>>
>> First, the signing key is present in SVN, but has not been uploaded to the
>> standard key-servers, nor has it been signed by anyone.
>>
>>
>> I found it here:
>> https://pgp.mit.edu/pks/lookup?search=Julian+Hyde&op=index
>>
>> Even if the key is part of a web trust it may not be part of everyone's web
>> of trust. I'd see that as a hard requirement to meet.
>>
>> Thanks,
>> Justin
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>> For additional commands, e-mail: general-help@incubator.apache.org
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>> For additional commands, e-mail: general-help@incubator.apache.org
>>

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message