taverna-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stian Soiland-Reyes (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (TAVERNA-875) Spurious file: KEYS.template; KEYS file must contain all used keys
Date Thu, 10 Dec 2015 09:54:11 GMT

    [ https://issues.apache.org/jira/browse/TAVERNA-875?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15050478#comment-15050478

Stian Soiland-Reyes commented on TAVERNA-875:

Thanks for raising this. I've removed KEYS.template from dist.

We did not automatically update the KEYS from the build, but documented it like this:


The idea was to somewhat simplify maintenance of the KEYS file as no existing Apache infrastructure
existed for this, the http://www.apache.org/dev/release-signing#keys-policy does not say how,
and I wanted to ensure that the id.apache.org info and https://people.apache.org/keys/group/taverna.asc
was updated and in correspondence with the KEYS file.

We do not plan to remove PMC members - but I guess the mentors would go - they have not so
far signed any releases though.

Would you have a suggestion on what update procedure we should have for the KEYS file? I think
I am the only one on the Taverna project that is fluent in GPG, so copy-paste command line
strings we can add to the Release Process page is the thing. Any manual editing of the KEYS
file must also then verify that you haven't deleted or broken something - so this sounds to
me more fragile than the current approach.

> Spurious file: KEYS.template; KEYS file must contain all used keys
> ------------------------------------------------------------------
>                 Key: TAVERNA-875
>                 URL: https://issues.apache.org/jira/browse/TAVERNA-875
>             Project: Apache Taverna
>          Issue Type: Bug
>         Environment: https://dist.apache.org/repos/dist/release/incubator/taverna/KEYS.template
>            Reporter: Sebb
>            Assignee: Stian Soiland-Reyes
> The KEYS.template file does not belong on the ASF mirrors.
> Also it suggests that the KEYS file is being automatically created from the file https://people.apache.org/keys/group/taverna.asc
> This is not advisable, because that file only contains current keys for current PPMC
> The KEYS file is also needed to check archived releases, so must contain all the keys
which have ever been used to sign a release.
> Note also that following graduation, the taverna.asc file will only contain current keys
of current PMC members. However signers can include committers who are not PMC members.
> Please can you remove the KEYS.template file, and ensure that the KEYS file is maintained
as described below in future, thanks:
> http://www.apache.org/dev/release-signing#keys-policy

This message was sent by Atlassian JIRA

View raw message