singa-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Moaz Reyad (Jira)" <j...@apache.org>
Subject [jira] [Commented] (SINGA-456) Adding more PGP Keys
Date Sat, 24 Aug 2019 23:45:00 GMT

    [ https://issues.apache.org/jira/browse/SINGA-456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16915107#comment-16915107
] 

Moaz Reyad commented on SINGA-456:
----------------------------------

reminder: the key will expire next month and it should be extended. Otherwise the next release
of SINGA can not be correctly signed.

I noticed also that many Apache projects put the KEYS file in GitHub, such as [MXNET|https://github.com/apache/incubator-mxnet/blob/master/KEYS],
[NIFI|https://github.com/apache/nifi/blob/master/KEYS], [Tika|https://github.com/apache/tika/blob/master/KEYS],
… etc. So it may be a good idea to add SINGA KEYS also to GitHub.

> Adding more PGP Keys
> --------------------
>
>                 Key: SINGA-456
>                 URL: https://issues.apache.org/jira/browse/SINGA-456
>             Project: Singa
>          Issue Type: Improvement
>            Reporter: Moaz Reyad
>            Priority: Major
>         Attachments: KEYS
>
>
> Currently the SINGA [KEYS |https://www.apache.org/dist/incubator/singa/KEYS] file has
only one PGP key which is expiring this September (it needs to be updated). This means only
one person can sign the releases. While other projects like CouchDB for example, have several
keys in the [KEYS |https://www.apache.org/dist/couchdb/KEYS] file.
> It will be useful if every active Apache committer in the team create a PGP key and uploads
the Public Key Primary Fingerprint to his account using [Apache Account Utility|https://id.apache.org/].
Then append the new key to the SINGA KEYS file.
> Furthermore, the keys themselves can be signed for more trust. SINGA team can exchange
key signatures between them or organize a [key signing party|https://www.apache.org/dev/release-signing#key-signing-party].
This will help adding more SINGA committers into the [Apache Web of Trust|https://www.apache.org/dev/release-signing#web-of-trust].

> I attach with this issue the KEYS file with my key appended at the end. 



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

Mime
View raw message