logging-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Bodewig <bode...@apache.org>
Subject Re: [VOTE] log4net 1.2.9 beta release
Date Thu, 17 Mar 2005 10:39:32 GMT
On Tue,  8 Mar 2005, Curt Arnold <carnold@apache.org> wrote:

> From http://www.apache.org/~henkp/trust/apache.html, it seems like
> it is no sin to sign a release with a key that has not yet been
> cross-signed.  2/3 of keys used to release ASF software haven't been
> cross-signed.

True, unfortunately.

I guess Nicko and Yoav should be very interested in cross signing each
others keys, given that Yoav signs Tomcat releases (you *do* sign them
Yoav, don't you 8-).

> The process described in http://www.apache.org/~henkp/trust/
> involves face-to-face meeting with government issued ID (passport,
> drivers license).

Dirk-Willem van Gulik frequently relates a story how he
unintentionally traveled into a country using a dutch library card of
his instead of his passport.  "government issued ID" is fine in
theory, but I wouldn't expect anybody to recognize my German passport,
much less validate it.

In reality things are a lot easier, you just need to get in touch
first, which is the hard part.

> Pretty easy if you live down the street from one of the existing ASF
> web of trust members (likely in the Bay Area, not so likely anywhere
> else).

See <http://www.apache.org/~dirkx/sgala.html> which is based on
information provided in the urls.txt file in the committers svn module
that every Apache committer has write access to.

> There was an "key signing" party at the last ApacheCON (and likely
> one at ApacheCON Europe).

I'm pretty sure there'll be one, yes.  Maybe not organized, but at
least I'll use every opportunity I can to sign keys and get mine
signed.

> If you'd like to get cross-signed now, you might post a message on
> committers@apache.org asking for anyone near your location

No, please don't use the committers@a.o list, this one is a no-opt-out
list for announcements only.  community@apache.org is more
appropriate.

Cheers

        Stefan

-- 
http://stefanbodewig.blogger.de/

Mime
View raw message