quickstep-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Julian Hyde <jhyde.apa...@gmail.com>
Subject Re: Release Managers?
Date Sun, 12 Feb 2017 06:39:21 GMT
I don't know whether it's even possible for more than one person to sign the release.

The way to make the release more "trustworthy" is to strengthen the release manager's web
of trust. Have a key signing party [1] and sign each other's keys. 

If the one person who signs the release is well established in the Apache web of trust then
the release is clearly a genuine product of the Apache Software Foundation. 

Regarding the report. It's possible that you're now scheduled to report only once per quarter.
Projects are only monthly when they start out. 

Julian

[1] https://en.m.wikipedia.org/wiki/Key_signing_party



Sent from my iPad
> On Feb 11, 2017, at 2:04 PM, Jignesh Patel <jmp.quickstep@gmail.com> wrote:
> 
> Hi folks: We are nearly ready to do a release. Anyone else wants to sign the release
along with me? 
> 
> 
> 
> Also, I haven’t seen an email about providing input for the usual Podling report? Anyone
else has seen this? I hope I haven’t missed it.
> 
> 
> 
> Cheers,
> 
> Jignesh  
> 

Mime
  • Unnamed multipart/alternative (inline, 7-Bit, 0 bytes)
View raw message