logging-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Curt Arnold <carn...@apache.org>
Subject Re: [VOTE] log4net 1.2.9 beta release
Date Tue, 08 Mar 2005 15:36:07 GMT
 From http://www.apache.org/~henkp/trust/apache.html, it seems like it 
is no sin to sign a release with a key that has not yet been 
cross-signed.  2/3 of keys used to release ASF software haven't been 
cross-signed.  However, if you do release software with your key and 
later get that key signed, then all those benefits would flow back to 
the previous released software.  Having your key cross-signed is a good 
thing, but wasn't a graduation requirement.

The process described in http://www.apache.org/~henkp/trust/ involves 
face-to-face meeting with government issued ID (passport, drivers 
license).  Pretty easy if you live down the street from one of the 
existing ASF web of trust members (likely in the Bay Area, not so 
likely anywhere else).  There was an "key signing" party at the last 
ApacheCON (and likely one at ApacheCON Europe).

If you'd like to get cross-signed now, you might post a message on 
committers@apache.org asking for anyone near your location who would be 
up for meeting to sign your key to send you an email off list.  If you 
do that, ask if anyone near Houston, TX would email me.

On Mar 7, 2005, at 1:46 PM, Nicko Cadell wrote:

> I have created a PGP key pair, exported it to http://pgp.mit.edu/, 
> added
> it to the KEYS.txt in the root of the logging-log4net repository.
> I think I have done all the procedural things, and now I just need it 
> to
> be cross signed by other keys.
> Nicko
>> -----Original Message-----
>> From: Curt Arnold [mailto:carnold@apache.org]
>> Sent: 28 February 2005 22:28
>> To: Logging General
>> Subject: Re: [VOTE] log4net 1.2.9 beta release
>> What is your status with regard to PGP keys
>> (http://httpd.apache.org/dev/verification.html)?  I know that
>> I need to get my keys verified by a few other Apache
>> developers before a log4cxx release.

View raw message