stratos-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lahiru Sandaruwan <lahi...@wso2.com>
Subject Re: Recommendations on release keys
Date Thu, 12 Sep 2013 13:43:58 GMT
Thanks for the prompt reply Chip...


On Thu, Sep 12, 2013 at 6:52 PM, Chip Childers <chip.childers@sungard.com>wrote:

> On Thu, Sep 12, 2013 at 06:19:42PM +0530, Lahiru Sandaruwan wrote:
> > Hi all,
> >
> > We have been following some release guides for release management([1],
> > [2]). They state that we have to generate GPG keys for signing.
> > My question is that, is it better to get the packs signed by a mentor for
> > incubating release?
> >
> > Thanks.
> >
> > [1] http://airavata.apache.org/development/release-management.html
> > [2] http://airavata.apache.org/development/release-management.html
>
> IMO, whomever wants to be the release manager for your first release
> should be the one to sign the artifact.  Now, if you are creating a new
> key for it, and aren't connected to the larger ASF web or trust, that
> can be seen as a weakness.
>
> We can solve that though!  As part of voting (if someone votes +1), they
> have the option of providing a signature that can be added to the
> detached signature file for the release before it's committed to the
> release dir in svn.
>

+1,  So I will sign using my key and then get the help of mentors at voting.

Thanks.

>
> So...  That's where mentors can help.  When I vote, if it's a +1, I'll
> add my signature.  Others should consider doing the same.
>
> -chip
>



-- 
--
Lahiru Sandaruwan
Software Engineer,
Platform Technologies,
WSO2 Inc., http://wso2.com
lean.enterprise.middleware

email: lahirus@wso2.com cell: (+94) 773 325 954
blog: http://lahiruwrites.blogspot.com/
twitter: http://twitter.com/lahirus
linked-in: http://lk.linkedin.com/pub/lahiru-sandaruwan/16/153/146

Mime
View raw message