river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Burrell Donkin <robertburrelldon...@gmail.com>
Subject Re: Apache release signing on Solaris 10
Date Mon, 04 Jan 2010 17:28:39 GMT
On Mon, Jan 4, 2010 at 5:06 PM, Craig L Russell <Craig.Russell@sun.com> wrote:
> Hi Peter,
>
> From my perspective, you're good to go. The signature you made checks out.
>
> You'll need to put your public key into the svn repository associated with
> the river project (if you need details after looking around, let me know --
> I'm a little hazy on the details).

i haven't been tracking the progress made by infra so you might need
to check the archives but AFAIK we're still just using a KEYS files.
this consists of ASCII-exported public keys (IIRC this is covered in
the documentation). a good way to start a file is by copying the
template from an existing one.

> And I guess you're still awaiting a response whether your key is good
> enough. Robert, any feedback?

there are basically 3 things to check:

1. that both encryption and signing keys are 4096 RSA
2. that the keyring preferences are set to strong signing
3. that the key preferences are set to strong signing

and AFAICT the key looks fine

(probably need to find some time to update the documentation since the
GnuPG team now seem to have set everything up okay by defaults for the
new releases...)

- robert

Mime
View raw message